Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2016-3092 (GCVE-0-2016-3092)
Vulnerability from cvelistv5 – Published: 2016-07-04 22:00 – Updated: 2024-08-05 23:40
VLAI
EPSS
Summary
The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
49 references
Date Public
2016-06-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:40:15.604Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVNDB-2016-000121",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000121"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190212-0001/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324759"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1743480"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "GLSA-201705-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201705-09"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1743738"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289840"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tomcat.apache.org/security-9.html"
},
{
"name": "USN-3024-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3024-1"
},
{
"name": "RHSA-2016:2069",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2069.html"
},
{
"name": "1037029",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037029"
},
{
"name": "RHSA-2016:2068",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2068.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tomcat.apache.org/security-7.html"
},
{
"name": "1036900",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036900"
},
{
"name": "91453",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91453"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tomcat.apache.org/security-8.html"
},
{
"name": "RHSA-2016:2072",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2072.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1743722"
},
{
"name": "DSA-3611",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3611"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05204371"
},
{
"name": "RHSA-2016:2807",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2807.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name": "openSUSE-SU-2016:2252",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00025.html"
},
{
"name": "JVN#89379547",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN89379547/index.html"
},
{
"name": "1036427",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036427"
},
{
"name": "RHSA-2016:2070",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2070.html"
},
{
"name": "RHSA-2017:0457",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0457.html"
},
{
"name": "RHSA-2016:2808",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2808.html"
},
{
"name": "1039606",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039606"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1743742"
},
{
"name": "RHSA-2016:2599",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2599.html"
},
{
"name": "DSA-3609",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3609"
},
{
"name": "RHSA-2017:0455",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0455"
},
{
"name": "DSA-3614",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3614"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"name": "[dev] 20160621 CVE-2016-3092: Apache Commons Fileupload information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://mail-archives.apache.org/mod_mbox/commons-dev/201606.mbox/%3CCAF8HOZ%2BPq2QH8RnxBuJyoK1dOz6jrTiQypAC%2BH8g6oZkBg%2BCxg%40mail.gmail.com%3E"
},
{
"name": "RHSA-2017:0456",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0456"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1349468"
},
{
"name": "RHSA-2016:2071",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2071.html"
},
{
"name": "USN-3027-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3027-1"
},
{
"name": "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "GLSA-202107-39",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202107-39"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-17T07:06:23.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "JVNDB-2016-000121",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000121"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190212-0001/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324759"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1743480"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "GLSA-201705-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201705-09"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1743738"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289840"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tomcat.apache.org/security-9.html"
},
{
"name": "USN-3024-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3024-1"
},
{
"name": "RHSA-2016:2069",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2069.html"
},
{
"name": "1037029",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037029"
},
{
"name": "RHSA-2016:2068",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2068.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tomcat.apache.org/security-7.html"
},
{
"name": "1036900",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036900"
},
{
"name": "91453",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91453"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tomcat.apache.org/security-8.html"
},
{
"name": "RHSA-2016:2072",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2072.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1743722"
},
{
"name": "DSA-3611",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3611"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05204371"
},
{
"name": "RHSA-2016:2807",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2807.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name": "openSUSE-SU-2016:2252",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00025.html"
},
{
"name": "JVN#89379547",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN89379547/index.html"
},
{
"name": "1036427",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036427"
},
{
"name": "RHSA-2016:2070",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2070.html"
},
{
"name": "RHSA-2017:0457",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0457.html"
},
{
"name": "RHSA-2016:2808",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2808.html"
},
{
"name": "1039606",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039606"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1743742"
},
{
"name": "RHSA-2016:2599",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2599.html"
},
{
"name": "DSA-3609",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3609"
},
{
"name": "RHSA-2017:0455",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0455"
},
{
"name": "DSA-3614",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3614"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"name": "[dev] 20160621 CVE-2016-3092: Apache Commons Fileupload information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://mail-archives.apache.org/mod_mbox/commons-dev/201606.mbox/%3CCAF8HOZ%2BPq2QH8RnxBuJyoK1dOz6jrTiQypAC%2BH8g6oZkBg%2BCxg%40mail.gmail.com%3E"
},
{
"name": "RHSA-2017:0456",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:0456"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1349468"
},
{
"name": "RHSA-2016:2071",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2071.html"
},
{
"name": "USN-3027-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3027-1"
},
{
"name": "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "GLSA-202107-39",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202107-39"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-3092",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2016-000121",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000121"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190212-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190212-0001/"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324759",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324759"
},
{
"name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1743480",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1743480"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "GLSA-201705-09",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201705-09"
},
{
"name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1743738",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1743738"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289840",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289840"
},
{
"name": "http://tomcat.apache.org/security-9.html",
"refsource": "CONFIRM",
"url": "http://tomcat.apache.org/security-9.html"
},
{
"name": "USN-3024-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3024-1"
},
{
"name": "RHSA-2016:2069",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2069.html"
},
{
"name": "1037029",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037029"
},
{
"name": "RHSA-2016:2068",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2068.html"
},
{
"name": "http://tomcat.apache.org/security-7.html",
"refsource": "CONFIRM",
"url": "http://tomcat.apache.org/security-7.html"
},
{
"name": "1036900",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036900"
},
{
"name": "91453",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91453"
},
{
"name": "http://tomcat.apache.org/security-8.html",
"refsource": "CONFIRM",
"url": "http://tomcat.apache.org/security-8.html"
},
{
"name": "RHSA-2016:2072",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2072.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
},
{
"name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1743722",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1743722"
},
{
"name": "DSA-3611",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3611"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05204371",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05204371"
},
{
"name": "RHSA-2016:2807",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2807.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name": "openSUSE-SU-2016:2252",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00025.html"
},
{
"name": "JVN#89379547",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN89379547/index.html"
},
{
"name": "1036427",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036427"
},
{
"name": "RHSA-2016:2070",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2070.html"
},
{
"name": "RHSA-2017:0457",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0457.html"
},
{
"name": "RHSA-2016:2808",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2808.html"
},
{
"name": "1039606",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039606"
},
{
"name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1743742",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1743742"
},
{
"name": "RHSA-2016:2599",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2599.html"
},
{
"name": "DSA-3609",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3609"
},
{
"name": "RHSA-2017:0455",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0455"
},
{
"name": "DSA-3614",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3614"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"name": "[dev] 20160621 CVE-2016-3092: Apache Commons Fileupload information disclosure vulnerability",
"refsource": "MLIST",
"url": "http://mail-archives.apache.org/mod_mbox/commons-dev/201606.mbox/%3CCAF8HOZ%2BPq2QH8RnxBuJyoK1dOz6jrTiQypAC%2BH8g6oZkBg%2BCxg%40mail.gmail.com%3E"
},
{
"name": "RHSA-2017:0456",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0456"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1349468",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1349468"
},
{
"name": "RHSA-2016:2071",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2071.html"
},
{
"name": "USN-3027-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3027-1"
},
{
"name": "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "GLSA-202107-39",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202107-39"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-3092",
"datePublished": "2016-07-04T22:00:00.000Z",
"dateReserved": "2016-03-10T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:40:15.604Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2016-3092",
"date": "2026-05-27",
"epss": "0.40246",
"percentile": "0.97406"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2016-3092\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2016-07-04T22:59:04.303\",\"lastModified\":\"2026-05-06T22:30:45.220\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.\"},{\"lang\":\"es\",\"value\":\"La clase MultipartStream en Apache Commons Fileupload en versiones anteriores a 1.3.2, tal como se utiliza en Apache Tomcat 7.x en versiones anteriores a 7.0.70, 8.x en versiones anteriores a 8.0.36, 8.5.x en versiones anteriores a 8.5.3 y 9.x en versiones anteriores a 9.0.0.M7 y otros productos, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de CPU) a trav\u00e9s de una cadena de l\u00edmite largo.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:C\",\"baseScore\":7.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hp:icewall_identity_manager:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE418D71-EAD6-4BB6-B6D6-88CE0FFA5A53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hp:icewall_sso_agent_option:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"531FE660-C1A9-4C83-90BE-E38AA493D4F7\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D0689FE-4BC0-4F53-8C79-34B21F9B86C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone3:*:*:*:*:*:*\",\"matchCriteriaId\":\"C0C5F004-F7D8-45DB-B173-351C50B0EC16\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone4:*:*:*:*:*:*\",\"matchCriteriaId\":\"D1902D2E-1896-4D3D-9E1C-3A675255072C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:*\",\"matchCriteriaId\":\"454211D0-60A2-4661-AECA-4C0121413FEB\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"4752862B-7D26-4285-B8A0-CF082C758353\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.0:rc10:*:*:*:*:*:*\",\"matchCriteriaId\":\"58EA7199-3373-4F97-9907-3A479A02155E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"4693BD36-E522-4C8E-9667-8F3E14A05EF3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.0:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"2BBBC5EA-012C-4C5D-A61B-BAF134B300DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A358FDF-C249-4D7A-9445-8B9E7D9D40AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AFF96F96-34DB-4EB3-BF59-11220673FA26\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EDF3E379-47D2-4C86-8C6D-8B3C25A0E1C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"61E008F8-2F01-4DD8-853A-337B4B4163C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"701424A2-BB06-44B5-B468-7164E4F95529\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1BA6388C-5B6E-4651-8AE3-EBCCF61C27E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F9A5B7E-33A9-4651-9BE1-371A0064B661\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F99252E8-A59C-48E1-B251-718D7FB3E399\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4E0DDEF6-A8EE-46C4-A046-A1F26E7C4E87\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"14B38892-9C00-4510-B7BA-F2A8F2CACCAE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7409B064-D43E-489E-AEC6-0A767FB21737\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F019268F-80C4-48FE-8164-E9DA0A3BAFF6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1EFBD214-FCFE-4F04-A903-66EFDA764B9A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"425D86B3-6BB9-410D-8125-F7CF87290AD6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.24:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3EE3BB0D-1002-41E4-9BE8-875D97330057\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.26:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6622472B-8644-4D45-A54B-A215C3D64B83\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.27:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B338F95B-2924-435B-827F-E64420A93244\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.28:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"209D1349-7740-4DBE-80A5-E6343C62BAB5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.29:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"09E77C24-C265-403D-A193-B3739713F6B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"28616FA3-9A98-4AAE-9F94-3E77A14156EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"603A14BF-72BB-4A3D-8CBC-932DC45CEC06\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C2E1C55-3C89-4F26-A981-1195BCC9BB5C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.35:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31BB906B-812F-462C-9AEE-147C1418D865\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"69A7FC28-A0EC-4516-9776-700343D2F4DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D4D811A9-4988-4C11-AA27-F5BE2B93D8D4\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:commons_fileupload:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.3.1\",\"matchCriteriaId\":\"63CCC942-8906-421A-A1C8-E105B54912D5\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"B5A6F2F3-4894-4392-8296-3B8DD2679084\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E88A537F-F4D0-46B9-9E37-965233C2A355\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F8C62EF-1B67-456A-9C66-755439CF8556\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"33E9607B-4D28-460D-896B-E4B7FA22441E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A819E245-D641-4F19-9139-6C940504F6E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C381275-10C5-4939-BCE3-0D1F3B3CB2EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.2:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"81A31CA0-A209-4C49-AA06-C38E165E5B68\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"08022987-B36B-4F63-88A5-A8F59195DF4A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.4:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"0AA563BF-A67A-477D-956A-167ABEF885C5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF4B7557-EF35-451E-B55D-3296966695AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.5:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F1B937B-57E0-4E88-9E39-39012A924525\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8980E61E-27BE-4858-82B3-C0E8128AF521\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88CE057E-2092-4C98-8D0C-75CF439D0A9C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A9731BAA-4C6C-4259-B786-F577D8A90FA1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F74A421-D019-4248-84B8-C70D4D9A8A95\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2BA27FF9-4C66-4E17-95C0-1CB2DAA6AFC8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"305688F2-50A6-41FB-8614-BC589DB9A789\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"25966344-15D5-4101-9346-B06BFD2DFFF5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D4F710E-06EA-48F4-AC6A-6F143950F015\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2C4936C2-0B2D-4C44-98C3-443090965F5E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48453405-2319-4327-9F4C-6F70B49452C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49DD9544-6424-41A6-AEC0-EC19B8A10E71\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E4670E65-2E11-49A4-B661-57C2F60D411F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31002A23-4788-4BC7-AE11-A3C2AA31716D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.26:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7144EDDF-8265-4642-8EEB-ED52527E0A26\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.27:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DF06B5C1-B9DD-4673-A101-56E1E593ACDD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.28:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7D731065-626B-4425-8E49-F708DD457824\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.29:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3D850EA-E537-42C8-93B9-96E15CB26747\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E037DA05-2BEF-4F64-B8BB-307247B6A05C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D395D95B-1F4A-420E-A0F6-609360AF7B69\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BD221BA-0AB6-4972-8AD9-5D37AC07762F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E55B6565-96CB-4F6A-9A80-C3FB82F30546\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.35:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3300AFE-49A4-4904-B9A0-5679F09FA01E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.37:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7BD93669-1B30-4BF8-AD7D-F60DD8D63CC8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.39:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8C8C97F-6C9D-4647-AB8A-ADAA5536DDE2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.40:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2C6109D1-BC36-40C5-A02A-7AEBC949BAC0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.41:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DA8A7333-B4C3-4876-AE01-62F2FD315504\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.42:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"92993E23-D805-407B-8B87-11CEEE8B212F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.47:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6AA28D3A-3EE5-4F90-B8F5-4943F7607DA6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.50:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C947E549-2459-4AFB-84A7-36BDA30B5F29\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.52:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D55DF79-F9BE-4907-A4D8-96C4B11189ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.53:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"14AB5787-82D7-4F78-BE93-4556AB7A7D0E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.54:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F8E9453E-BC9B-4F77-85FA-BA15AC55C245\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.55:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7EF0518-73F9-47DB-8946-A8334936BEFF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.56:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"95AA8778-7833-4572-A71B-5FD89938CE94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.57:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"242E47CE-EF69-4F8F-AB40-5AF2811674CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.59:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CDA1555C-E55A-4E14-B786-BFEE3F09220B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.61:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F8075E9A-DA7F-4A0B-8B4D-0CD951369111\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.62:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"335A5320-6086-4B45-9903-82F6F92A584F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.63:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"46B33408-C2E2-4E7C-9334-6AB98F13468C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.64:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F036676-9EFB-4A92-828E-A38905D594E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.65:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9728EE8-6029-4DF3-942E-E4ACC09111A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.67:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"34E7DAC8-8419-45D1-A28F-14CF2FE1B6EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.68:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"89B87EB5-4902-4C2A-878A-45185F7D0FA1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.69:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C0596E6C-9ACE-4106-A2FF-BED7967C323F\"}]}]}],\"references\":[{\"url\":\"http://jvn.jp/en/jp/JVN89379547/index.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://jvndb.jvn.jp/jvndb/JVNDB-2016-000121\",\"source\":\"secalert@redhat.com\",\"tags\":[\"VDB Entry\",\"Vendor Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2016-09/msg00025.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://mail-archives.apache.org/mod_mbox/commons-dev/201606.mbox/%3CCAF8HOZ%2BPq2QH8RnxBuJyoK1dOz6jrTiQypAC%2BH8g6oZkBg%2BCxg%40mail.gmail.com%3E\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-2068.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-2069.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-2070.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-2071.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-2072.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-2599.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-2807.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-2808.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2017-0457.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://svn.apache.org/viewvc?view=revision\u0026revision=1743480\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://svn.apache.org/viewvc?view=revision\u0026revision=1743722\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://svn.apache.org/viewvc?view=revision\u0026revision=1743738\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://svn.apache.org/viewvc?view=revision\u0026revision=1743742\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://tomcat.apache.org/security-7.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://tomcat.apache.org/security-8.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://tomcat.apache.org/security-9.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.debian.org/security/2016/dsa-3609\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2016/dsa-3611\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2016/dsa-3614\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/91453\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1036427\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securitytracker.com/id/1036900\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securitytracker.com/id/1037029\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securitytracker.com/id/1039606\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.ubuntu.com/usn/USN-3024-1\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-3027-1\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:0455\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:0456\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1349468\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05204371\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Permissions Required\",\"Third Party Advisory\"]},{\"url\":\"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289840\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324759\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://security.gentoo.org/glsa/201705-09\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://security.gentoo.org/glsa/202107-39\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20190212-0001/\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2020.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://jvn.jp/en/jp/JVN89379547/index.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://jvndb.jvn.jp/jvndb/JVNDB-2016-000121\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"VDB Entry\",\"Vendor Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2016-09/msg00025.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://mail-archives.apache.org/mod_mbox/commons-dev/201606.mbox/%3CCAF8HOZ%2BPq2QH8RnxBuJyoK1dOz6jrTiQypAC%2BH8g6oZkBg%2BCxg%40mail.gmail.com%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-2068.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-2069.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-2070.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-2071.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-2072.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-2599.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-2807.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-2808.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2017-0457.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://svn.apache.org/viewvc?view=revision\u0026revision=1743480\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://svn.apache.org/viewvc?view=revision\u0026revision=1743722\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://svn.apache.org/viewvc?view=revision\u0026revision=1743738\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://svn.apache.org/viewvc?view=revision\u0026revision=1743742\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://tomcat.apache.org/security-7.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://tomcat.apache.org/security-8.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://tomcat.apache.org/security-9.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.debian.org/security/2016/dsa-3609\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2016/dsa-3611\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2016/dsa-3614\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/91453\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1036427\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1036900\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1037029\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1039606\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/USN-3024-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-3027-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:0455\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:0456\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1349468\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05204371\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Permissions Required\",\"Third Party Advisory\"]},{\"url\":\"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289840\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324759\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/201705-09\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/202107-39\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20190212-0001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
RHSA-2016:2070
Vulnerability from csaf_redhat - Published: 2016-10-17 18:35 - Updated: 2026-03-04 16:43Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.11 update on RHEL 5
Severity
Moderate
Notes
Topic: Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.4.11, fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7.
This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.10. It includes bug fixes and enhancements.
All users of Red Hat JBoss Enterprise Application Platform 6.4 on Red Hat Enterprise Linux 5 are advised to upgrade to these updated packages. The JBoss server process must be restarted for the update to take effect.
Security Fix(es):
* A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long. (CVE-2016-3092)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long.
7.5 (High)
Affected products
Fixed
140 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 5Server-JBEAP-6.4:apache-cxf-0:2.7.18-4.SP3_redhat_1.1.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:apache-cxf-0:2.7.18-4.SP3_redhat_1.1.ep6.el5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:hornetq-0:2.3.25-16.SP14_redhat_1.1.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:hornetq-0:2.3.25-16.SP14_redhat_1.1.ep6.el5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-cli-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-cli-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-connector-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-connector-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-ee-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-ee-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-logging-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-logging-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-mail-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-mail-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-naming-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-naming-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-network-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-network-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-sar-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-sar-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-security-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-security-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-server-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-server-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-threads-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-threads-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-version-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-version-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-web-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-web-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-weld-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-weld-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-xts-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-as-xts-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-remote-naming-0:1.0.13-1.Final_redhat_1.1.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jboss-remote-naming-0:1.0.13-1.Final_redhat_1.1.ep6.el5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jbossas-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jbossas-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jbossas-bundles-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jbossas-bundles-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jbossas-core-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jbossas-core-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jbossas-domain-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jbossas-domain-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.11-2.Final_redhat_1.1.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.11-2.Final_redhat_1.1.ep6.el5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jbossas-standalone-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jbossas-standalone-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jbossts-1:4.17.35-1.Final_redhat_1.1.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jbossts-1:4.17.35-1.Final_redhat_1.1.ep6.el5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jbossweb-0:7.5.19-1.Final_redhat_1.1.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:jbossweb-0:7.5.19-1.Final_redhat_1.1.ep6.el5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:picketlink-bindings-0:2.5.4-13.SP11_redhat_1.1.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:picketlink-bindings-0:2.5.4-13.SP11_redhat_1.1.ep6.el5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:picketlink-federation-0:2.5.4-13.SP11_redhat_1.1.ep6.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server-JBEAP-6.4:picketlink-federation-0:2.5.4-13.SP11_redhat_1.1.ep6.el5.src | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
14 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.4.11, fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7.\n\nThis release serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.10. It includes bug fixes and enhancements. \n\nAll users of Red Hat JBoss Enterprise Application Platform 6.4 on Red Hat Enterprise Linux 5 are advised to upgrade to these updated packages. The JBoss server process must be restarted for the update to take effect.\n\nSecurity Fix(es):\n\n* A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long. (CVE-2016-3092)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2016:2070",
"url": "https://access.redhat.com/errata/RHSA-2016:2070"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6.4/index.html",
"url": "https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6.4/index.html"
},
{
"category": "external",
"summary": "1349468",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1349468"
},
{
"category": "external",
"summary": "1375626",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375626"
},
{
"category": "external",
"summary": "1376066",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1376066"
},
{
"category": "external",
"summary": "1376186",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1376186"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_2070.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.11 update on RHEL 5",
"tracking": {
"current_release_date": "2026-03-04T16:43:34+00:00",
"generator": {
"date": "2026-03-04T16:43:34+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.2"
}
},
"id": "RHSA-2016:2070",
"initial_release_date": "2016-10-17T18:35:09+00:00",
"revision_history": [
{
"date": "2016-10-17T18:35:09+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2016-10-17T18:35:09+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-04T16:43:34+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "jboss-remote-naming-0:1.0.13-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-remote-naming-0:1.0.13-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-remote-naming-0:1.0.13-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-remote-naming@1.0.13-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossts-1:4.17.35-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jbossts-1:4.17.35-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jbossts-1:4.17.35-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossts@4.17.35-1.Final_redhat_1.1.ep6.el5?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "hornetq-0:2.3.25-16.SP14_redhat_1.1.ep6.el5.src",
"product": {
"name": "hornetq-0:2.3.25-16.SP14_redhat_1.1.ep6.el5.src",
"product_id": "hornetq-0:2.3.25-16.SP14_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hornetq@2.3.25-16.SP14_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "picketlink-federation-0:2.5.4-13.SP11_redhat_1.1.ep6.el5.src",
"product": {
"name": "picketlink-federation-0:2.5.4-13.SP11_redhat_1.1.ep6.el5.src",
"product_id": "picketlink-federation-0:2.5.4-13.SP11_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/picketlink-federation@2.5.4-13.SP11_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "picketlink-bindings-0:2.5.4-13.SP11_redhat_1.1.ep6.el5.src",
"product": {
"name": "picketlink-bindings-0:2.5.4-13.SP11_redhat_1.1.ep6.el5.src",
"product_id": "picketlink-bindings-0:2.5.4-13.SP11_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/picketlink-bindings@2.5.4-13.SP11_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossweb-0:7.5.19-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jbossweb-0:7.5.19-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jbossweb-0:7.5.19-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossweb@7.5.19-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "apache-cxf-0:2.7.18-4.SP3_redhat_1.1.ep6.el5.src",
"product": {
"name": "apache-cxf-0:2.7.18-4.SP3_redhat_1.1.ep6.el5.src",
"product_id": "apache-cxf-0:2.7.18-4.SP3_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-cxf@2.7.18-4.SP3_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossas-javadocs-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jbossas-javadocs-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jbossas-javadocs-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-javadocs@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-domain-management-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-domain-management-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-domain-management-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-domain-management@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-ejb3-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-ejb3-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-ejb3-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-ejb3@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-threads-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-threads-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-threads-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-threads@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-transactions-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-transactions-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-transactions-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-transactions@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-pojo-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-pojo-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-pojo-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-pojo@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-sar-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-sar-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-sar-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-sar@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-webservices-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-webservices-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-webservices-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-webservices@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-ee-deployment-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-ee-deployment-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-ee-deployment-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-ee-deployment@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-deployment-scanner-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-deployment-scanner-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-deployment-scanner-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-deployment-scanner@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-protocol-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-protocol-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-protocol-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-protocol@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-jsf-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-jsf-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-jsf-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-jsf@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-clustering-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-clustering-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-clustering-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-clustering@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-messaging-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-messaging-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-messaging-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-messaging@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-domain-http-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-domain-http-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-domain-http-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-domain-http@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-process-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-process-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-process-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-process-controller@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-weld-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-weld-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-weld-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-weld@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-host-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-host-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-host-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-host-controller@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-controller-client-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-controller-client-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-controller-client-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-controller-client@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-jaxr-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-jaxr-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-jaxr-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-jaxr@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-jacorb-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-jacorb-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-jacorb-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-jacorb@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-configadmin@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-osgi-service-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-osgi-service-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-osgi-service-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-osgi-service@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-embedded-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-embedded-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-embedded-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-embedded@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-web-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-web-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-web-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-web@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-core-security-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-core-security-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-core-security-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-core-security@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-naming-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-naming-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-naming-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-naming@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-jpa-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-jpa-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-jpa-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-jpa@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-server-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-server-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-server-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-server@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-cli-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-cli-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-cli-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-cli@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-deployment-repository-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-deployment-repository-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-deployment-repository-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-deployment-repository@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-osgi-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-osgi-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-osgi-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-osgi@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-management-client-content-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-management-client-content-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-management-client-content-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-management-client-content@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-version-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-version-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-version-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-version@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-modcluster-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-modcluster-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-modcluster-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-modcluster@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-osgi-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-osgi-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-osgi-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-osgi-configadmin@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-cmp-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-cmp-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-cmp-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-cmp@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-remoting-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-remoting-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-remoting-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-remoting@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-jaxrs-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-jaxrs-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-jaxrs-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-jaxrs@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-platform-mbean-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-platform-mbean-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-platform-mbean-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-platform-mbean@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-xts-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-xts-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-xts-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-xts@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-logging-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-logging-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-logging-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-logging@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-picketlink-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-picketlink-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-picketlink-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-picketlink@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-security-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-security-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-security-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-security@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-ee-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-ee-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-ee-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-ee@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-system-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-system-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-system-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-system-jmx@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-network-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-network-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-network-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-network@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-mail-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-mail-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-mail-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-mail@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-appclient@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-connector-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-connector-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-connector-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-connector@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-client-all-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-client-all-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-client-all-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-client-all@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-jdr-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-jdr-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-jdr-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-jdr@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossas-welcome-content-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jbossas-welcome-content-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jbossas-welcome-content-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-welcome-content-eap@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossas-standalone-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jbossas-standalone-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jbossas-standalone-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-standalone@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossas-bundles-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jbossas-bundles-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jbossas-bundles-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-bundles@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossas-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jbossas-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jbossas-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-appclient@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossas-domain-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jbossas-domain-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jbossas-domain-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-domain@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossas-product-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jbossas-product-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jbossas-product-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-product-eap@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossas-core-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jbossas-core-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jbossas-core-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-core@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-jsr77-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-jsr77-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-jsr77-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-jsr77@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-controller@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jboss-as-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jboss-as-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_id": "jboss-as-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-jmx@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossas-modules-eap-0:7.5.11-2.Final_redhat_1.1.ep6.el5.src",
"product": {
"name": "jbossas-modules-eap-0:7.5.11-2.Final_redhat_1.1.ep6.el5.src",
"product_id": "jbossas-modules-eap-0:7.5.11-2.Final_redhat_1.1.ep6.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-modules-eap@7.5.11-2.Final_redhat_1.1.ep6.el5?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jboss-remote-naming-0:1.0.13-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-remote-naming-0:1.0.13-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-remote-naming-0:1.0.13-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-remote-naming@1.0.13-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossts-1:4.17.35-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jbossts-1:4.17.35-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jbossts-1:4.17.35-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossts@4.17.35-1.Final_redhat_1.1.ep6.el5?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "hornetq-0:2.3.25-16.SP14_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "hornetq-0:2.3.25-16.SP14_redhat_1.1.ep6.el5.noarch",
"product_id": "hornetq-0:2.3.25-16.SP14_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hornetq@2.3.25-16.SP14_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "picketlink-federation-0:2.5.4-13.SP11_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "picketlink-federation-0:2.5.4-13.SP11_redhat_1.1.ep6.el5.noarch",
"product_id": "picketlink-federation-0:2.5.4-13.SP11_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/picketlink-federation@2.5.4-13.SP11_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "picketlink-bindings-0:2.5.4-13.SP11_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "picketlink-bindings-0:2.5.4-13.SP11_redhat_1.1.ep6.el5.noarch",
"product_id": "picketlink-bindings-0:2.5.4-13.SP11_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/picketlink-bindings@2.5.4-13.SP11_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossweb-0:7.5.19-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jbossweb-0:7.5.19-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jbossweb-0:7.5.19-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossweb@7.5.19-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "apache-cxf-0:2.7.18-4.SP3_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "apache-cxf-0:2.7.18-4.SP3_redhat_1.1.ep6.el5.noarch",
"product_id": "apache-cxf-0:2.7.18-4.SP3_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-cxf@2.7.18-4.SP3_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossas-javadocs-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jbossas-javadocs-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jbossas-javadocs-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-javadocs@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-domain-management-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-domain-management-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-domain-management-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-domain-management@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-ejb3-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-ejb3-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-ejb3-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-ejb3@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-threads-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-threads-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-threads-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-threads@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-transactions-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-transactions-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-transactions-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-transactions@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-pojo-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-pojo-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-pojo-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-pojo@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-sar-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-sar-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-sar-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-sar@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-webservices-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-webservices-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-webservices-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-webservices@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-ee-deployment-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-ee-deployment-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-ee-deployment-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-ee-deployment@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-deployment-scanner-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-deployment-scanner-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-deployment-scanner-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-deployment-scanner@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-protocol-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-protocol-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-protocol-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-protocol@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-jsf-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-jsf-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-jsf-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-jsf@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-clustering-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-clustering-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-clustering-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-clustering@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-messaging-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-messaging-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-messaging-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-messaging@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-domain-http-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-domain-http-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-domain-http-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-domain-http@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-process-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-process-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-process-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-process-controller@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-weld-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-weld-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-weld-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-weld@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-host-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-host-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-host-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-host-controller@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-controller-client-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-controller-client-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-controller-client-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-controller-client@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-jaxr-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-jaxr-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-jaxr-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-jaxr@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-jacorb-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-jacorb-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-jacorb-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-jacorb@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-configadmin@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-osgi-service-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-osgi-service-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-osgi-service-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-osgi-service@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-embedded-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-embedded-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-embedded-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-embedded@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-web-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-web-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-web-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-web@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-core-security-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-core-security-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-core-security-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-core-security@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-naming-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-naming-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-naming-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-naming@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-jpa-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-jpa-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-jpa-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-jpa@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-server-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-server-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-server-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-server@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-cli-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-cli-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-cli-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-cli@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-deployment-repository-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-deployment-repository-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-deployment-repository-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-deployment-repository@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-osgi-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-osgi-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-osgi-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-osgi@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-management-client-content-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-management-client-content-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-management-client-content-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-management-client-content@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-version-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-version-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-version-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-version@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-modcluster-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-modcluster-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-modcluster-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-modcluster@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-osgi-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-osgi-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-osgi-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-osgi-configadmin@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-cmp-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-cmp-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-cmp-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-cmp@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-remoting-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-remoting-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-remoting-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-remoting@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-jaxrs-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-jaxrs-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-jaxrs-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-jaxrs@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-platform-mbean-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-platform-mbean-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-platform-mbean-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-platform-mbean@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-xts-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-xts-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-xts-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-xts@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-logging-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-logging-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-logging-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-logging@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-picketlink-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-picketlink-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-picketlink-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-picketlink@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-security-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-security-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-security-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-security@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-ee-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-ee-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-ee-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-ee@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-system-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-system-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-system-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-system-jmx@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-network-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-network-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-network-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-network@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-mail-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-mail-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-mail-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-mail@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-appclient@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-connector-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-connector-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-connector-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-connector@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-client-all-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-client-all-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-client-all-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-client-all@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-jdr-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-jdr-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-jdr-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-jdr@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossas-welcome-content-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jbossas-welcome-content-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jbossas-welcome-content-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-welcome-content-eap@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossas-standalone-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jbossas-standalone-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jbossas-standalone-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-standalone@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossas-bundles-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jbossas-bundles-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jbossas-bundles-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-bundles@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossas-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jbossas-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jbossas-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-appclient@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossas-domain-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jbossas-domain-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jbossas-domain-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-domain@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossas-product-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jbossas-product-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jbossas-product-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-product-eap@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossas-core-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jbossas-core-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jbossas-core-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-core@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-jsr77-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-jsr77-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-jsr77-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-jsr77@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-controller@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-as-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jboss-as-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jboss-as-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-as-jmx@7.5.11-1.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossas-modules-eap-0:7.5.11-2.Final_redhat_1.1.ep6.el5.noarch",
"product": {
"name": "jbossas-modules-eap-0:7.5.11-2.Final_redhat_1.1.ep6.el5.noarch",
"product_id": "jbossas-modules-eap-0:7.5.11-2.Final_redhat_1.1.ep6.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossas-modules-eap@7.5.11-2.Final_redhat_1.1.ep6.el5?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-cxf-0:2.7.18-4.SP3_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:apache-cxf-0:2.7.18-4.SP3_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "apache-cxf-0:2.7.18-4.SP3_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-cxf-0:2.7.18-4.SP3_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:apache-cxf-0:2.7.18-4.SP3_redhat_1.1.ep6.el5.src"
},
"product_reference": "apache-cxf-0:2.7.18-4.SP3_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hornetq-0:2.3.25-16.SP14_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:hornetq-0:2.3.25-16.SP14_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "hornetq-0:2.3.25-16.SP14_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hornetq-0:2.3.25-16.SP14_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:hornetq-0:2.3.25-16.SP14_redhat_1.1.ep6.el5.src"
},
"product_reference": "hornetq-0:2.3.25-16.SP14_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-cli-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-cli-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-cli-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-cli-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-cli-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-cli-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-client-all-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-client-all-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-client-all-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-client-all-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-clustering-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-clustering-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-clustering-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-clustering-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-cmp-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-cmp-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-cmp-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-cmp-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-connector-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-connector-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-connector-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-connector-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-connector-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-connector-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-controller-client-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-controller-client-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-controller-client-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-controller-client-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-core-security-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-core-security-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-core-security-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-core-security-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-deployment-repository-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-deployment-repository-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-deployment-repository-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-deployment-repository-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-deployment-scanner-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-deployment-scanner-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-deployment-scanner-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-deployment-scanner-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-domain-http-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-domain-http-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-domain-http-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-domain-http-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-domain-management-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-domain-management-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-domain-management-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-domain-management-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-ee-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-ee-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-ee-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-ee-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-ee-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-ee-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-ee-deployment-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-ee-deployment-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-ee-deployment-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-ee-deployment-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-ejb3-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-ejb3-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-ejb3-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-ejb3-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-embedded-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-embedded-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-embedded-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-embedded-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-host-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-host-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-host-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-host-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-jacorb-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-jacorb-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-jacorb-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-jacorb-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-jaxr-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-jaxr-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-jaxr-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-jaxr-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-jaxrs-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-jaxrs-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-jaxrs-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-jaxrs-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-jdr-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-jdr-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-jdr-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-jdr-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-jpa-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-jpa-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-jpa-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-jpa-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-jsf-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-jsf-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-jsf-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-jsf-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-jsr77-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-jsr77-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-jsr77-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-jsr77-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-logging-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-logging-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-logging-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-logging-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-logging-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-logging-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-mail-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-mail-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-mail-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-mail-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-mail-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-mail-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-management-client-content-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-management-client-content-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-management-client-content-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-management-client-content-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-messaging-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-messaging-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-messaging-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-messaging-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-modcluster-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-modcluster-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-modcluster-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-modcluster-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-naming-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-naming-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-naming-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-naming-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-naming-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-naming-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-network-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-network-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-network-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-network-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-network-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-network-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-osgi-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-osgi-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-osgi-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-osgi-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-osgi-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-osgi-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-osgi-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-osgi-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-osgi-service-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-osgi-service-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-osgi-service-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-osgi-service-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-picketlink-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-picketlink-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-picketlink-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-picketlink-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-platform-mbean-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-platform-mbean-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-platform-mbean-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-platform-mbean-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-pojo-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-pojo-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-pojo-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-pojo-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-process-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-process-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-process-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-process-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-protocol-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-protocol-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-protocol-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-protocol-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-remoting-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-remoting-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-remoting-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-remoting-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-sar-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-sar-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-sar-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-sar-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-sar-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-sar-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-security-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-security-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-security-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-security-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-security-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-security-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-server-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-server-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-server-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-server-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-server-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-server-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-system-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-system-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-system-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-system-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-threads-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-threads-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-threads-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-threads-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-threads-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-threads-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-transactions-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-transactions-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-transactions-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-transactions-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-version-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-version-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-version-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-version-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-version-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-version-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-web-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-web-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-web-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-web-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-web-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-web-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-webservices-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-webservices-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-webservices-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-webservices-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-weld-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-weld-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-weld-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-weld-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-weld-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-weld-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-xts-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-xts-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-as-xts-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-as-xts-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-as-xts-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-as-xts-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-remote-naming-0:1.0.13-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-remote-naming-0:1.0.13-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jboss-remote-naming-0:1.0.13-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-remote-naming-0:1.0.13-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jboss-remote-naming-0:1.0.13-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jboss-remote-naming-0:1.0.13-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jbossas-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jbossas-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jbossas-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jbossas-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-bundles-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jbossas-bundles-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jbossas-bundles-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-bundles-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jbossas-bundles-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jbossas-bundles-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-core-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jbossas-core-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jbossas-core-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-core-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jbossas-core-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jbossas-core-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-domain-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jbossas-domain-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jbossas-domain-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-domain-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jbossas-domain-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jbossas-domain-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-javadocs-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jbossas-javadocs-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-javadocs-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jbossas-javadocs-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-modules-eap-0:7.5.11-2.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.11-2.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jbossas-modules-eap-0:7.5.11-2.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-modules-eap-0:7.5.11-2.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.11-2.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jbossas-modules-eap-0:7.5.11-2.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-product-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jbossas-product-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-product-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jbossas-product-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-standalone-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jbossas-standalone-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jbossas-standalone-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-standalone-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jbossas-standalone-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jbossas-standalone-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-welcome-content-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jbossas-welcome-content-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossas-welcome-content-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jbossas-welcome-content-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossts-1:4.17.35-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jbossts-1:4.17.35-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jbossts-1:4.17.35-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossts-1:4.17.35-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jbossts-1:4.17.35-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jbossts-1:4.17.35-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:7.5.19-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jbossweb-0:7.5.19-1.Final_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "jbossweb-0:7.5.19-1.Final_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:7.5.19-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:jbossweb-0:7.5.19-1.Final_redhat_1.1.ep6.el5.src"
},
"product_reference": "jbossweb-0:7.5.19-1.Final_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "picketlink-bindings-0:2.5.4-13.SP11_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:picketlink-bindings-0:2.5.4-13.SP11_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "picketlink-bindings-0:2.5.4-13.SP11_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "picketlink-bindings-0:2.5.4-13.SP11_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:picketlink-bindings-0:2.5.4-13.SP11_redhat_1.1.ep6.el5.src"
},
"product_reference": "picketlink-bindings-0:2.5.4-13.SP11_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "picketlink-federation-0:2.5.4-13.SP11_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:picketlink-federation-0:2.5.4-13.SP11_redhat_1.1.ep6.el5.noarch"
},
"product_reference": "picketlink-federation-0:2.5.4-13.SP11_redhat_1.1.ep6.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "picketlink-federation-0:2.5.4-13.SP11_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 Server",
"product_id": "5Server-JBEAP-6.4:picketlink-federation-0:2.5.4-13.SP11_redhat_1.1.ep6.el5.src"
},
"product_reference": "picketlink-federation-0:2.5.4-13.SP11_redhat_1.1.ep6.el5.src",
"relates_to_product_reference": "5Server-JBEAP-6.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-3092",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2016-06-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1349468"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Usage of vulnerable FileUpload package can result in denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-JBEAP-6.4:apache-cxf-0:2.7.18-4.SP3_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:apache-cxf-0:2.7.18-4.SP3_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:hornetq-0:2.3.25-16.SP14_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:hornetq-0:2.3.25-16.SP14_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-cli-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-cli-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-connector-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-connector-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-ee-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-ee-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-logging-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-logging-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-mail-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-mail-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-naming-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-naming-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-network-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-network-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-sar-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-sar-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-security-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-security-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-server-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-server-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-threads-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-threads-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-version-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-version-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-web-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-web-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-weld-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-weld-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-xts-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-xts-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-remote-naming-0:1.0.13-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-remote-naming-0:1.0.13-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jbossas-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jbossas-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jbossas-bundles-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jbossas-bundles-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jbossas-core-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jbossas-core-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jbossas-domain-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jbossas-domain-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.11-2.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.11-2.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jbossas-standalone-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jbossas-standalone-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jbossts-1:4.17.35-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jbossts-1:4.17.35-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jbossweb-0:7.5.19-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jbossweb-0:7.5.19-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:picketlink-bindings-0:2.5.4-13.SP11_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:picketlink-bindings-0:2.5.4-13.SP11_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:picketlink-federation-0:2.5.4-13.SP11_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:picketlink-federation-0:2.5.4-13.SP11_redhat_1.1.ep6.el5.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-3092"
},
{
"category": "external",
"summary": "RHBZ#1349468",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1349468"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-3092",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3092"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-3092",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3092"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-7.html",
"url": "http://tomcat.apache.org/security-7.html"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-8.html",
"url": "http://tomcat.apache.org/security-8.html"
}
],
"release_date": "2016-06-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-10-17T18:35:09+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"5Server-JBEAP-6.4:apache-cxf-0:2.7.18-4.SP3_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:apache-cxf-0:2.7.18-4.SP3_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:hornetq-0:2.3.25-16.SP14_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:hornetq-0:2.3.25-16.SP14_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-cli-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-cli-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-connector-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-connector-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-ee-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-ee-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-logging-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-logging-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-mail-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-mail-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-naming-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-naming-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-network-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-network-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-sar-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-sar-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-security-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-security-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-server-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-server-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-threads-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-threads-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-version-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-version-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-web-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-web-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-weld-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-weld-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-xts-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-xts-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-remote-naming-0:1.0.13-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-remote-naming-0:1.0.13-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jbossas-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jbossas-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jbossas-bundles-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jbossas-bundles-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jbossas-core-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jbossas-core-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jbossas-domain-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jbossas-domain-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.11-2.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.11-2.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jbossas-standalone-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jbossas-standalone-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jbossts-1:4.17.35-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jbossts-1:4.17.35-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jbossweb-0:7.5.19-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jbossweb-0:7.5.19-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:picketlink-bindings-0:2.5.4-13.SP11_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:picketlink-bindings-0:2.5.4-13.SP11_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:picketlink-federation-0:2.5.4-13.SP11_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:picketlink-federation-0:2.5.4-13.SP11_redhat_1.1.ep6.el5.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2070"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"5Server-JBEAP-6.4:apache-cxf-0:2.7.18-4.SP3_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:apache-cxf-0:2.7.18-4.SP3_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:hornetq-0:2.3.25-16.SP14_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:hornetq-0:2.3.25-16.SP14_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-cli-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-cli-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-client-all-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-clustering-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-cmp-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-connector-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-connector-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-core-security-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-ee-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-ee-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-embedded-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-jdr-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-jpa-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-jsf-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-logging-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-logging-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-mail-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-mail-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-messaging-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-naming-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-naming-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-network-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-network-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-osgi-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-pojo-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-protocol-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-remoting-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-sar-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-sar-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-security-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-security-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-server-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-server-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-threads-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-threads-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-transactions-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-version-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-version-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-web-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-web-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-webservices-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-weld-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-weld-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-as-xts-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-as-xts-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jboss-remote-naming-0:1.0.13-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jboss-remote-naming-0:1.0.13-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jbossas-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jbossas-appclient-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jbossas-bundles-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jbossas-bundles-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jbossas-core-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jbossas-core-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jbossas-domain-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jbossas-domain-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jbossas-javadocs-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.11-2.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.11-2.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jbossas-product-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jbossas-standalone-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jbossas-standalone-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.11-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jbossts-1:4.17.35-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jbossts-1:4.17.35-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:jbossweb-0:7.5.19-1.Final_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:jbossweb-0:7.5.19-1.Final_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:picketlink-bindings-0:2.5.4-13.SP11_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:picketlink-bindings-0:2.5.4-13.SP11_redhat_1.1.ep6.el5.src",
"5Server-JBEAP-6.4:picketlink-federation-0:2.5.4-13.SP11_redhat_1.1.ep6.el5.noarch",
"5Server-JBEAP-6.4:picketlink-federation-0:2.5.4-13.SP11_redhat_1.1.ep6.el5.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Usage of vulnerable FileUpload package can result in denial of service"
}
]
}
RHSA-2016:2071
Vulnerability from csaf_redhat - Published: 2016-10-17 18:14 - Updated: 2026-03-04 16:43Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.11 update
Severity
Moderate
Notes
Topic: An update is now available for Red Hat JBoss Enterprise Application Platform from the Customer Portal.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
Details: Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7.
This release of Red Hat JBoss Enterprise Application Platform 6.4.11 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.10, and includes bug fixes and enhancements. Documentation for these changes will be available shortly from the Red Hat JBoss Enterprise Application Platform 6.4.11 Release Notes, linked to in the References.
Security Fix(es):
* A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long. (CVE-2016-3092)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Enterprise Application Platform 6.4
Red Hat / Red Hat JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:6.4
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
12 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Enterprise Application Platform from the Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7.\n\nThis release of Red Hat JBoss Enterprise Application Platform 6.4.11 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.10, and includes bug fixes and enhancements. Documentation for these changes will be available shortly from the Red Hat JBoss Enterprise Application Platform 6.4.11 Release Notes, linked to in the References. \n\nSecurity Fix(es):\n\n* A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long. (CVE-2016-3092)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2016:2071",
"url": "https://access.redhat.com/errata/RHSA-2016:2071"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en/jboss-enterprise-application-platform/",
"url": "https://access.redhat.com/documentation/en/jboss-enterprise-application-platform/"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform\u0026downloadType=securityPatches\u0026version=6.4",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform\u0026downloadType=securityPatches\u0026version=6.4"
},
{
"category": "external",
"summary": "1349468",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1349468"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_2071.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.11 update",
"tracking": {
"current_release_date": "2026-03-04T16:43:35+00:00",
"generator": {
"date": "2026-03-04T16:43:35+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.2"
}
},
"id": "RHSA-2016:2071",
"initial_release_date": "2016-10-17T18:14:58+00:00",
"revision_history": [
{
"date": "2016-10-17T18:14:58+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-02-20T12:38:24+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-04T16:43:35+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 6.4",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 6.4",
"product_id": "Red Hat JBoss Enterprise Application Platform 6.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6.4"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-3092",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2016-06-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1349468"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Usage of vulnerable FileUpload package can result in denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Enterprise Application Platform 6.4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-3092"
},
{
"category": "external",
"summary": "RHBZ#1349468",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1349468"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-3092",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3092"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-3092",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3092"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-7.html",
"url": "http://tomcat.apache.org/security-7.html"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-8.html",
"url": "http://tomcat.apache.org/security-8.html"
}
],
"release_date": "2016-06-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-10-17T18:14:58+00:00",
"details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nThe JBoss server process must be restarted for the update to take effect.",
"product_ids": [
"Red Hat JBoss Enterprise Application Platform 6.4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2071"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Red Hat JBoss Enterprise Application Platform 6.4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Usage of vulnerable FileUpload package can result in denial of service"
}
]
}
RHSA-2016:2072
Vulnerability from csaf_redhat - Published: 2016-10-17 19:15 - Updated: 2026-03-04 16:43Summary
Red Hat Security Advisory: jboss-ec2-eap security and enhancement update for EAP 6.4.11
Severity
Moderate
Notes
Topic: An update for jboss-ec2-eap is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat JBoss Enterprise Application Platform 6 is a platform for Java EE applications. It is based on JBoss Application Server 7 and incorporates multiple open-source projects to provide a complete Java EE platform solution.
Security Fix(es):
* A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long. (CVE-2016-3092)
Enhancement(s):
* The jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services (AWS) Elastic Compute Cloud (EC2). With this update, the packages have been updated to ensure compatibility with Red Hat JBoss Enterprise Application Platform 6.4.11.
Users of EAP 6.4.10 jboss-ec2-eap are advised to upgrade to these updated packages, which add this enhancement.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long.
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.11-1.Final_redhat_1.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.11-1.Final_redhat_1.ep6.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEAP-6.4:jboss-ec2-eap-samples-0:7.5.11-1.Final_redhat_1.ep6.el6.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
11 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for jboss-ec2-eap is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 6 is a platform for Java EE applications. It is based on JBoss Application Server 7 and incorporates multiple open-source projects to provide a complete Java EE platform solution.\n\nSecurity Fix(es):\n\n* A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long. (CVE-2016-3092)\n\nEnhancement(s):\n\n* The jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services (AWS) Elastic Compute Cloud (EC2). With this update, the packages have been updated to ensure compatibility with Red Hat JBoss Enterprise Application Platform 6.4.11.\n\nUsers of EAP 6.4.10 jboss-ec2-eap are advised to upgrade to these updated packages, which add this enhancement.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2016:2072",
"url": "https://access.redhat.com/errata/RHSA-2016:2072"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6.4/index.html",
"url": "https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6.4/index.html"
},
{
"category": "external",
"summary": "1349468",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1349468"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_2072.json"
}
],
"title": "Red Hat Security Advisory: jboss-ec2-eap security and enhancement update for EAP 6.4.11",
"tracking": {
"current_release_date": "2026-03-04T16:43:38+00:00",
"generator": {
"date": "2026-03-04T16:43:38+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.2"
}
},
"id": "RHSA-2016:2072",
"initial_release_date": "2016-10-17T19:15:20+00:00",
"revision_history": [
{
"date": "2016-10-17T19:15:20+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2016-10-17T19:15:20+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-04T16:43:38+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "jboss-ec2-eap-samples-0:7.5.11-1.Final_redhat_1.ep6.el6.noarch",
"product": {
"name": "jboss-ec2-eap-samples-0:7.5.11-1.Final_redhat_1.ep6.el6.noarch",
"product_id": "jboss-ec2-eap-samples-0:7.5.11-1.Final_redhat_1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-ec2-eap-samples@7.5.11-1.Final_redhat_1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jboss-ec2-eap-0:7.5.11-1.Final_redhat_1.ep6.el6.noarch",
"product": {
"name": "jboss-ec2-eap-0:7.5.11-1.Final_redhat_1.ep6.el6.noarch",
"product_id": "jboss-ec2-eap-0:7.5.11-1.Final_redhat_1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-ec2-eap@7.5.11-1.Final_redhat_1.ep6.el6?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "jboss-ec2-eap-0:7.5.11-1.Final_redhat_1.ep6.el6.src",
"product": {
"name": "jboss-ec2-eap-0:7.5.11-1.Final_redhat_1.ep6.el6.src",
"product_id": "jboss-ec2-eap-0:7.5.11-1.Final_redhat_1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jboss-ec2-eap@7.5.11-1.Final_redhat_1.ep6.el6?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-ec2-eap-0:7.5.11-1.Final_redhat_1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.11-1.Final_redhat_1.ep6.el6.noarch"
},
"product_reference": "jboss-ec2-eap-0:7.5.11-1.Final_redhat_1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-ec2-eap-0:7.5.11-1.Final_redhat_1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.11-1.Final_redhat_1.ep6.el6.src"
},
"product_reference": "jboss-ec2-eap-0:7.5.11-1.Final_redhat_1.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEAP-6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jboss-ec2-eap-samples-0:7.5.11-1.Final_redhat_1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server",
"product_id": "6Server-JBEAP-6.4:jboss-ec2-eap-samples-0:7.5.11-1.Final_redhat_1.ep6.el6.noarch"
},
"product_reference": "jboss-ec2-eap-samples-0:7.5.11-1.Final_redhat_1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEAP-6.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-3092",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2016-06-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1349468"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Usage of vulnerable FileUpload package can result in denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.11-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.11-1.Final_redhat_1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-ec2-eap-samples-0:7.5.11-1.Final_redhat_1.ep6.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-3092"
},
{
"category": "external",
"summary": "RHBZ#1349468",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1349468"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-3092",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3092"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-3092",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3092"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-7.html",
"url": "http://tomcat.apache.org/security-7.html"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-8.html",
"url": "http://tomcat.apache.org/security-8.html"
}
],
"release_date": "2016-06-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-10-17T19:15:20+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.11-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.11-1.Final_redhat_1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-ec2-eap-samples-0:7.5.11-1.Final_redhat_1.ep6.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2072"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.11-1.Final_redhat_1.ep6.el6.noarch",
"6Server-JBEAP-6.4:jboss-ec2-eap-0:7.5.11-1.Final_redhat_1.ep6.el6.src",
"6Server-JBEAP-6.4:jboss-ec2-eap-samples-0:7.5.11-1.Final_redhat_1.ep6.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Usage of vulnerable FileUpload package can result in denial of service"
}
]
}
RHSA-2016:2599
Vulnerability from csaf_redhat - Published: 2016-11-03 08:12 - Updated: 2026-03-04 16:43Summary
Red Hat Security Advisory: tomcat security, bug fix, and enhancement update
Severity
Moderate
Notes
Topic: An update for tomcat is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
The following packages have been upgraded to a newer upstream version: tomcat (7.0.69). (BZ#1287928)
Security Fix(es):
* A CSRF flaw was found in Tomcat's the index pages for the Manager and Host Manager applications. These applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application. This token could then be used by an attacker to perform a CSRF attack. (CVE-2015-5351)
* It was found that several Tomcat session persistence mechanisms could allow a remote, authenticated user to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that placed a crafted object in a session. (CVE-2016-0714)
* A security manager bypass flaw was found in Tomcat that could allow remote, authenticated users to access arbitrary application data, potentially resulting in a denial of service. (CVE-2016-0763)
* A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long. (CVE-2016-3092)
* A directory traversal flaw was found in Tomcat's RequestUtil.java. A remote, authenticated user could use this flaw to bypass intended SecurityManager restrictions and list a parent directory via a '/..' in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call. (CVE-2015-5174)
* It was found that Tomcat could reveal the presence of a directory even when that directory was protected by a security constraint. A user could make a request to a directory via a URL not ending with a slash and, depending on whether Tomcat redirected that request, could confirm whether that directory existed. (CVE-2015-5345)
* It was found that Tomcat allowed the StatusManagerServlet to be loaded by a web application when a security manager was configured. This allowed a web application to list all deployed web applications and expose sensitive information such as session IDs. (CVE-2016-0706)
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
It was found that Tomcat would keep connections open after processing requests with a large enough request body. A remote attacker could potentially use this flaw to exhaust the pool of available connections and preventing further, legitimate connections to the Tomcat server to be made.
5.0 ()
Affected products
Fixed
88 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Client-optional:tomcat-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional:tomcat-0:7.0.69-10.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional:tomcat-lib-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional:tomcat-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-0:7.0.69-10.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-admin-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-docs-webapp-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-javadoc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-jsvc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-lib-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-0:7.0.69-10.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-lib-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-0:7.0.69-10.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-admin-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-docs-webapp-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-javadoc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-jsvc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-lib-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-0:7.0.69-10.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-lib-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-0:7.0.69-10.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-admin-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-docs-webapp-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-javadoc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-jsvc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-lib-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-0:7.0.69-10.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-lib-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-0:7.0.69-10.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-admin-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-docs-webapp-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-javadoc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-jsvc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-lib-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Low
A directory traversal flaw was found in Tomcat's RequestUtil.java. A remote, authenticated user could use this flaw to bypass intended SecurityManager restrictions and list a parent directory via a '/..' in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call.
4.3 (Medium)
Affected products
Fixed
88 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Client-optional:tomcat-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional:tomcat-0:7.0.69-10.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional:tomcat-lib-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional:tomcat-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-0:7.0.69-10.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-admin-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-docs-webapp-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-javadoc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-jsvc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-lib-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-0:7.0.69-10.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-lib-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-0:7.0.69-10.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-admin-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-docs-webapp-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-javadoc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-jsvc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-lib-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-0:7.0.69-10.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-lib-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-0:7.0.69-10.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-admin-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-docs-webapp-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-javadoc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-jsvc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-lib-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-0:7.0.69-10.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-lib-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-0:7.0.69-10.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-admin-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-docs-webapp-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-javadoc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-jsvc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-lib-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Low
It was found that Tomcat could reveal the presence of a directory even when that directory was protected by a security constraint. A user could make a request to a directory via a URL not ending with a slash and, depending on whether Tomcat redirected that request, could confirm whether that directory existed.
5.3 (Medium)
Affected products
Fixed
88 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Client-optional:tomcat-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional:tomcat-0:7.0.69-10.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional:tomcat-lib-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional:tomcat-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-0:7.0.69-10.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-admin-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-docs-webapp-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-javadoc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-jsvc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-lib-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-0:7.0.69-10.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-lib-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-0:7.0.69-10.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-admin-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-docs-webapp-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-javadoc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-jsvc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-lib-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-0:7.0.69-10.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-lib-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-0:7.0.69-10.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-admin-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-docs-webapp-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-javadoc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-jsvc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-lib-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-0:7.0.69-10.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-lib-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-0:7.0.69-10.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-admin-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-docs-webapp-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-javadoc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-jsvc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-lib-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Low
A CSRF flaw was found in Tomcat's the index pages for the Manager and Host Manager applications. These applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application. This token could then be used by an attacker to perform a CSRF attack.
8.8 (High)
Affected products
Fixed
88 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Client-optional:tomcat-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional:tomcat-0:7.0.69-10.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional:tomcat-lib-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional:tomcat-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-0:7.0.69-10.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-admin-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-docs-webapp-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-javadoc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-jsvc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-lib-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-0:7.0.69-10.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-lib-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-0:7.0.69-10.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-admin-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-docs-webapp-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-javadoc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-jsvc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-lib-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-0:7.0.69-10.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-lib-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-0:7.0.69-10.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-admin-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-docs-webapp-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-javadoc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-jsvc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-lib-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-0:7.0.69-10.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-lib-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-0:7.0.69-10.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-admin-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-docs-webapp-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-javadoc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-jsvc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-lib-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
It was found that Tomcat allowed the StatusManagerServlet to be loaded by a web application when a security manager was configured. This allowed a web application to list all deployed web applications and expose sensitive information such as session IDs.
4.3 (Medium)
Affected products
Fixed
88 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Client-optional:tomcat-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional:tomcat-0:7.0.69-10.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional:tomcat-lib-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional:tomcat-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-0:7.0.69-10.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-admin-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-docs-webapp-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-javadoc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-jsvc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-lib-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-0:7.0.69-10.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-lib-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-0:7.0.69-10.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-admin-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-docs-webapp-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-javadoc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-jsvc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-lib-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-0:7.0.69-10.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-lib-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-0:7.0.69-10.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-admin-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-docs-webapp-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-javadoc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-jsvc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-lib-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-0:7.0.69-10.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-lib-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-0:7.0.69-10.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-admin-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-docs-webapp-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-javadoc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-jsvc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-lib-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Low
It was found that several Tomcat session persistence mechanisms could allow a remote, authenticated user to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that placed a crafted object in a session.
8.8 (High)
Affected products
Fixed
88 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Client-optional:tomcat-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional:tomcat-0:7.0.69-10.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional:tomcat-lib-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional:tomcat-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-0:7.0.69-10.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-admin-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-docs-webapp-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-javadoc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-jsvc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-lib-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-0:7.0.69-10.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-lib-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-0:7.0.69-10.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-admin-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-docs-webapp-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-javadoc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-jsvc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-lib-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-0:7.0.69-10.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-lib-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-0:7.0.69-10.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-admin-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-docs-webapp-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-javadoc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-jsvc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-lib-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-0:7.0.69-10.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-lib-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-0:7.0.69-10.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-admin-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-docs-webapp-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-javadoc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-jsvc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-lib-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A security manager bypass flaw was found in Tomcat that could allow remote, authenticated users to access arbitrary application data, potentially resulting in a denial of service.
6.3 (Medium)
Affected products
Fixed
88 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Client-optional:tomcat-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional:tomcat-0:7.0.69-10.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional:tomcat-lib-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional:tomcat-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-0:7.0.69-10.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-admin-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-docs-webapp-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-javadoc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-jsvc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-lib-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-0:7.0.69-10.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-lib-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-0:7.0.69-10.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-admin-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-docs-webapp-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-javadoc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-jsvc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-lib-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-0:7.0.69-10.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-lib-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-0:7.0.69-10.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-admin-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-docs-webapp-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-javadoc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-jsvc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-lib-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-0:7.0.69-10.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-lib-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-0:7.0.69-10.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-admin-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-docs-webapp-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-javadoc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-jsvc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-lib-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long.
7.5 (High)
Affected products
Fixed
88 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Client-optional:tomcat-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional:tomcat-0:7.0.69-10.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional:tomcat-lib-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional:tomcat-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-0:7.0.69-10.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-admin-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-docs-webapp-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-javadoc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-jsvc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-lib-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client:tomcat-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-0:7.0.69-10.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-lib-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode-optional:tomcat-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-0:7.0.69-10.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-admin-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-docs-webapp-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-javadoc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-jsvc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-lib-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7ComputeNode:tomcat-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-0:7.0.69-10.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-lib-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional:tomcat-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-0:7.0.69-10.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-admin-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-docs-webapp-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-javadoc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-jsvc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-lib-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server:tomcat-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-0:7.0.69-10.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-lib-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional:tomcat-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-0:7.0.69-10.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-admin-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-docs-webapp-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-javadoc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-jsvc-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-lib-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation:tomcat-webapps-0:7.0.69-10.el7.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
67 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for tomcat is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nThe following packages have been upgraded to a newer upstream version: tomcat (7.0.69). (BZ#1287928)\n\nSecurity Fix(es):\n\n* A CSRF flaw was found in Tomcat\u0027s the index pages for the Manager and Host Manager applications. These applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application. This token could then be used by an attacker to perform a CSRF attack. (CVE-2015-5351)\n\n* It was found that several Tomcat session persistence mechanisms could allow a remote, authenticated user to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that placed a crafted object in a session. (CVE-2016-0714)\n\n* A security manager bypass flaw was found in Tomcat that could allow remote, authenticated users to access arbitrary application data, potentially resulting in a denial of service. (CVE-2016-0763)\n\n* A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long. (CVE-2016-3092)\n\n* A directory traversal flaw was found in Tomcat\u0027s RequestUtil.java. A remote, authenticated user could use this flaw to bypass intended SecurityManager restrictions and list a parent directory via a \u0027/..\u0027 in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call. (CVE-2015-5174)\n\n* It was found that Tomcat could reveal the presence of a directory even when that directory was protected by a security constraint. A user could make a request to a directory via a URL not ending with a slash and, depending on whether Tomcat redirected that request, could confirm whether that directory existed. (CVE-2015-5345)\n\n* It was found that Tomcat allowed the StatusManagerServlet to be loaded by a web application when a security manager was configured. This allowed a web application to list all deployed web applications and expose sensitive information such as session IDs. (CVE-2016-0706)\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2016:2599",
"url": "https://access.redhat.com/errata/RHSA-2016:2599"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.3_Release_Notes/index.html",
"url": "https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.3_Release_Notes/index.html"
},
{
"category": "external",
"summary": "1133070",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1133070"
},
{
"category": "external",
"summary": "1201409",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1201409"
},
{
"category": "external",
"summary": "1208402",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1208402"
},
{
"category": "external",
"summary": "1221896",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1221896"
},
{
"category": "external",
"summary": "1229476",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1229476"
},
{
"category": "external",
"summary": "1240279",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1240279"
},
{
"category": "external",
"summary": "1265698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1265698"
},
{
"category": "external",
"summary": "1277197",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1277197"
},
{
"category": "external",
"summary": "1287928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1287928"
},
{
"category": "external",
"summary": "1311076",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311076"
},
{
"category": "external",
"summary": "1311082",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311082"
},
{
"category": "external",
"summary": "1311087",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311087"
},
{
"category": "external",
"summary": "1311089",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311089"
},
{
"category": "external",
"summary": "1311093",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311093"
},
{
"category": "external",
"summary": "1311622",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311622"
},
{
"category": "external",
"summary": "1320853",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1320853"
},
{
"category": "external",
"summary": "1327326",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1327326"
},
{
"category": "external",
"summary": "1347774",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1347774"
},
{
"category": "external",
"summary": "1347860",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1347860"
},
{
"category": "external",
"summary": "1349468",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1349468"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_2599.json"
}
],
"title": "Red Hat Security Advisory: tomcat security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2026-03-04T16:43:40+00:00",
"generator": {
"date": "2026-03-04T16:43:40+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.2"
}
},
"id": "RHSA-2016:2599",
"initial_release_date": "2016-11-03T08:12:12+00:00",
"revision_history": [
{
"date": "2016-11-03T08:12:12+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2016-11-03T08:12:12+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-04T16:43:40+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Client Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ComputeNode (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::computenode"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::computenode"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-webapps-0:7.0.69-10.el7.noarch",
"product": {
"name": "tomcat-webapps-0:7.0.69-10.el7.noarch",
"product_id": "tomcat-webapps-0:7.0.69-10.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-webapps@7.0.69-10.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"product": {
"name": "tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"product_id": "tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-jsp-2.2-api@7.0.69-10.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat-0:7.0.69-10.el7.noarch",
"product": {
"name": "tomcat-0:7.0.69-10.el7.noarch",
"product_id": "tomcat-0:7.0.69-10.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat@7.0.69-10.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"product": {
"name": "tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"product_id": "tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-admin-webapps@7.0.69-10.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"product": {
"name": "tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"product_id": "tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-servlet-3.0-api@7.0.69-10.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat-lib-0:7.0.69-10.el7.noarch",
"product": {
"name": "tomcat-lib-0:7.0.69-10.el7.noarch",
"product_id": "tomcat-lib-0:7.0.69-10.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-lib@7.0.69-10.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"product": {
"name": "tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"product_id": "tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-el-2.2-api@7.0.69-10.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat-javadoc-0:7.0.69-10.el7.noarch",
"product": {
"name": "tomcat-javadoc-0:7.0.69-10.el7.noarch",
"product_id": "tomcat-javadoc-0:7.0.69-10.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-javadoc@7.0.69-10.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat-jsvc-0:7.0.69-10.el7.noarch",
"product": {
"name": "tomcat-jsvc-0:7.0.69-10.el7.noarch",
"product_id": "tomcat-jsvc-0:7.0.69-10.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-jsvc@7.0.69-10.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"product": {
"name": "tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"product_id": "tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-docs-webapp@7.0.69-10.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat-0:7.0.69-10.el7.src",
"product": {
"name": "tomcat-0:7.0.69-10.el7.src",
"product_id": "tomcat-0:7.0.69-10.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat@7.0.69-10.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional:tomcat-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Client-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-0:7.0.69-10.el7.src as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional:tomcat-0:7.0.69-10.el7.src"
},
"product_reference": "tomcat-0:7.0.69-10.el7.src",
"relates_to_product_reference": "7Client-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Client-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Client-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-2.2-api-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Client-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-javadoc-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Client-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Client-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsvc-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-jsvc-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Client-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional:tomcat-lib-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-lib-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Client-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Client-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional:tomcat-webapps-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-webapps-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Client-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client:tomcat-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-0:7.0.69-10.el7.src as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client:tomcat-0:7.0.69-10.el7.src"
},
"product_reference": "tomcat-0:7.0.69-10.el7.src",
"relates_to_product_reference": "7Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client:tomcat-admin-webapps-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client:tomcat-docs-webapp-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-2.2-api-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client:tomcat-javadoc-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-javadoc-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsvc-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client:tomcat-jsvc-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-jsvc-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client:tomcat-lib-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-lib-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client:tomcat-webapps-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-webapps-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional:tomcat-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7ComputeNode-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-0:7.0.69-10.el7.src as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional:tomcat-0:7.0.69-10.el7.src"
},
"product_reference": "tomcat-0:7.0.69-10.el7.src",
"relates_to_product_reference": "7ComputeNode-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7ComputeNode-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7ComputeNode-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-2.2-api-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7ComputeNode-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-javadoc-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7ComputeNode-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7ComputeNode-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsvc-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-jsvc-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7ComputeNode-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional:tomcat-lib-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-lib-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7ComputeNode-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7ComputeNode-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional:tomcat-webapps-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-webapps-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7ComputeNode-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode:tomcat-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7ComputeNode"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-0:7.0.69-10.el7.src as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode:tomcat-0:7.0.69-10.el7.src"
},
"product_reference": "tomcat-0:7.0.69-10.el7.src",
"relates_to_product_reference": "7ComputeNode"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode:tomcat-admin-webapps-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7ComputeNode"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode:tomcat-docs-webapp-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7ComputeNode"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-2.2-api-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7ComputeNode"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode:tomcat-javadoc-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-javadoc-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7ComputeNode"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7ComputeNode"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsvc-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode:tomcat-jsvc-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-jsvc-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7ComputeNode"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode:tomcat-lib-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-lib-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7ComputeNode"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7ComputeNode"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode:tomcat-webapps-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-webapps-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7ComputeNode"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional:tomcat-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Server-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-0:7.0.69-10.el7.src as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional:tomcat-0:7.0.69-10.el7.src"
},
"product_reference": "tomcat-0:7.0.69-10.el7.src",
"relates_to_product_reference": "7Server-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Server-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Server-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-2.2-api-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Server-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-javadoc-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Server-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Server-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsvc-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-jsvc-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Server-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional:tomcat-lib-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-lib-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Server-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Server-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional:tomcat-webapps-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-webapps-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Server-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server:tomcat-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-0:7.0.69-10.el7.src as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server:tomcat-0:7.0.69-10.el7.src"
},
"product_reference": "tomcat-0:7.0.69-10.el7.src",
"relates_to_product_reference": "7Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server:tomcat-admin-webapps-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server:tomcat-docs-webapp-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-2.2-api-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server:tomcat-javadoc-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-javadoc-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsvc-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server:tomcat-jsvc-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-jsvc-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server:tomcat-lib-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-lib-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server:tomcat-webapps-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-webapps-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional:tomcat-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Workstation-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-0:7.0.69-10.el7.src as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional:tomcat-0:7.0.69-10.el7.src"
},
"product_reference": "tomcat-0:7.0.69-10.el7.src",
"relates_to_product_reference": "7Workstation-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Workstation-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Workstation-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-2.2-api-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Workstation-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-javadoc-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Workstation-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Workstation-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsvc-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-jsvc-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Workstation-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional:tomcat-lib-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-lib-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Workstation-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Workstation-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional:tomcat-webapps-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-webapps-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Workstation-optional"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation:tomcat-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-0:7.0.69-10.el7.src as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation:tomcat-0:7.0.69-10.el7.src"
},
"product_reference": "tomcat-0:7.0.69-10.el7.src",
"relates_to_product_reference": "7Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation:tomcat-admin-webapps-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation:tomcat-docs-webapp-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-2.2-api-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation:tomcat-javadoc-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-javadoc-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsvc-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation:tomcat-jsvc-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-jsvc-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation:tomcat-lib-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-lib-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-0:7.0.69-10.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation:tomcat-webapps-0:7.0.69-10.el7.noarch"
},
"product_reference": "tomcat-webapps-0:7.0.69-10.el7.noarch",
"relates_to_product_reference": "7Workstation"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2014-0230",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2015-02-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1191200"
}
],
"notes": [
{
"category": "description",
"text": "It was found that Tomcat would keep connections open after processing requests with a large enough request body. A remote attacker could potentially use this flaw to exhaust the pool of available connections and preventing further, legitimate connections to the Tomcat server to be made.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: non-persistent DoS attack by feeding data by aborting an upload",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-0:7.0.69-10.el7.src",
"7Client-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.src",
"7Client:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.src",
"7Server-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.src",
"7Server:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.src",
"7Workstation-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.src",
"7Workstation:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-webapps-0:7.0.69-10.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-0230"
},
{
"category": "external",
"summary": "RHBZ#1191200",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1191200"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-0230",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0230"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0230",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0230"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.44",
"url": "http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.44"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.55",
"url": "http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.55"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.9",
"url": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.9"
}
],
"release_date": "2014-07-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-11-03T08:12:12+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Client-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-0:7.0.69-10.el7.src",
"7Client-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.src",
"7Client:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.src",
"7Server-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.src",
"7Server:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.src",
"7Workstation-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.src",
"7Workstation:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-webapps-0:7.0.69-10.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2599"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"7Client-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-0:7.0.69-10.el7.src",
"7Client-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.src",
"7Client:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.src",
"7Server-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.src",
"7Server:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.src",
"7Workstation-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.src",
"7Workstation:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-webapps-0:7.0.69-10.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: non-persistent DoS attack by feeding data by aborting an upload"
},
{
"cve": "CVE-2015-5174",
"discovery_date": "2015-08-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1265698"
}
],
"notes": [
{
"category": "description",
"text": "A directory traversal flaw was found in Tomcat\u0027s RequestUtil.java. A remote, authenticated user could use this flaw to bypass intended SecurityManager restrictions and list a parent directory via a \u0027/..\u0027 in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: URL Normalization issue",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-0:7.0.69-10.el7.src",
"7Client-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.src",
"7Client:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.src",
"7Server-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.src",
"7Server:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.src",
"7Workstation-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.src",
"7Workstation:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-webapps-0:7.0.69-10.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-5174"
},
{
"category": "external",
"summary": "RHBZ#1265698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1265698"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-5174",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5174"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-5174",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5174"
},
{
"category": "external",
"summary": "http://seclists.org/bugtraq/2016/Feb/149",
"url": "http://seclists.org/bugtraq/2016/Feb/149"
}
],
"release_date": "2016-02-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-11-03T08:12:12+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Client-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-0:7.0.69-10.el7.src",
"7Client-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.src",
"7Client:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.src",
"7Server-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.src",
"7Server:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.src",
"7Workstation-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.src",
"7Workstation:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-webapps-0:7.0.69-10.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2599"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"7Client-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-0:7.0.69-10.el7.src",
"7Client-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.src",
"7Client:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.src",
"7Server-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.src",
"7Server:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.src",
"7Workstation-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.src",
"7Workstation:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-webapps-0:7.0.69-10.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: URL Normalization issue"
},
{
"cve": "CVE-2015-5345",
"cwe": {
"id": "CWE-552",
"name": "Files or Directories Accessible to External Parties"
},
"discovery_date": "2016-02-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1311089"
}
],
"notes": [
{
"category": "description",
"text": "It was found that Tomcat could reveal the presence of a directory even when that directory was protected by a security constraint. A user could make a request to a directory via a URL not ending with a slash and, depending on whether Tomcat redirected that request, could confirm whether that directory existed.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: directory disclosure",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-0:7.0.69-10.el7.src",
"7Client-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.src",
"7Client:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.src",
"7Server-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.src",
"7Server:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.src",
"7Workstation-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.src",
"7Workstation:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-webapps-0:7.0.69-10.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-5345"
},
{
"category": "external",
"summary": "RHBZ#1311089",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311089"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-5345",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5345"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-5345",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5345"
},
{
"category": "external",
"summary": "http://seclists.org/bugtraq/2016/Feb/146",
"url": "http://seclists.org/bugtraq/2016/Feb/146"
}
],
"release_date": "2016-02-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-11-03T08:12:12+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Client-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-0:7.0.69-10.el7.src",
"7Client-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.src",
"7Client:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.src",
"7Server-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.src",
"7Server:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.src",
"7Workstation-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.src",
"7Workstation:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-webapps-0:7.0.69-10.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2599"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"7Client-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-0:7.0.69-10.el7.src",
"7Client-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.src",
"7Client:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.src",
"7Server-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.src",
"7Server:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.src",
"7Workstation-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.src",
"7Workstation:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-webapps-0:7.0.69-10.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: directory disclosure"
},
{
"cve": "CVE-2015-5351",
"cwe": {
"id": "CWE-352",
"name": "Cross-Site Request Forgery (CSRF)"
},
"discovery_date": "2016-02-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1311076"
}
],
"notes": [
{
"category": "description",
"text": "A CSRF flaw was found in Tomcat\u0027s the index pages for the Manager and Host Manager applications. These applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application. This token could then be used by an attacker to perform a CSRF attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: CSRF token leak",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-0:7.0.69-10.el7.src",
"7Client-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.src",
"7Client:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.src",
"7Server-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.src",
"7Server:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.src",
"7Workstation-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.src",
"7Workstation:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-webapps-0:7.0.69-10.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-5351"
},
{
"category": "external",
"summary": "RHBZ#1311076",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311076"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-5351",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5351"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-5351",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5351"
},
{
"category": "external",
"summary": "http://seclists.org/bugtraq/2016/Feb/148",
"url": "http://seclists.org/bugtraq/2016/Feb/148"
}
],
"release_date": "2016-02-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-11-03T08:12:12+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Client-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-0:7.0.69-10.el7.src",
"7Client-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.src",
"7Client:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.src",
"7Server-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.src",
"7Server:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.src",
"7Workstation-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.src",
"7Workstation:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-webapps-0:7.0.69-10.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2599"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Client-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-0:7.0.69-10.el7.src",
"7Client-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.src",
"7Client:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.src",
"7Server-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.src",
"7Server:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.src",
"7Workstation-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.src",
"7Workstation:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-webapps-0:7.0.69-10.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: CSRF token leak"
},
{
"cve": "CVE-2016-0706",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"discovery_date": "2016-02-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1311087"
}
],
"notes": [
{
"category": "description",
"text": "It was found that Tomcat allowed the StatusManagerServlet to be loaded by a web application when a security manager was configured. This allowed a web application to list all deployed web applications and expose sensitive information such as session IDs.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: security manager bypass via StatusManagerServlet",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-0:7.0.69-10.el7.src",
"7Client-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.src",
"7Client:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.src",
"7Server-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.src",
"7Server:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.src",
"7Workstation-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.src",
"7Workstation:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-webapps-0:7.0.69-10.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-0706"
},
{
"category": "external",
"summary": "RHBZ#1311087",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311087"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-0706",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0706"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-0706",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0706"
},
{
"category": "external",
"summary": "http://seclists.org/bugtraq/2016/Feb/144",
"url": "http://seclists.org/bugtraq/2016/Feb/144"
}
],
"release_date": "2016-02-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-11-03T08:12:12+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Client-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-0:7.0.69-10.el7.src",
"7Client-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.src",
"7Client:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.src",
"7Server-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.src",
"7Server:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.src",
"7Workstation-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.src",
"7Workstation:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-webapps-0:7.0.69-10.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2599"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"7Client-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-0:7.0.69-10.el7.src",
"7Client-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.src",
"7Client:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.src",
"7Server-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.src",
"7Server:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.src",
"7Workstation-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.src",
"7Workstation:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-webapps-0:7.0.69-10.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: security manager bypass via StatusManagerServlet"
},
{
"cve": "CVE-2016-0714",
"cwe": {
"id": "CWE-290",
"name": "Authentication Bypass by Spoofing"
},
"discovery_date": "2016-02-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1311082"
}
],
"notes": [
{
"category": "description",
"text": "It was found that several Tomcat session persistence mechanisms could allow a remote, authenticated user to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that placed a crafted object in a session.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Security Manager bypass via persistence mechanisms",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-0:7.0.69-10.el7.src",
"7Client-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.src",
"7Client:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.src",
"7Server-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.src",
"7Server:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.src",
"7Workstation-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.src",
"7Workstation:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-webapps-0:7.0.69-10.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-0714"
},
{
"category": "external",
"summary": "RHBZ#1311082",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311082"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-0714",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0714"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-0714",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0714"
},
{
"category": "external",
"summary": "http://seclists.org/bugtraq/2016/Feb/145",
"url": "http://seclists.org/bugtraq/2016/Feb/145"
}
],
"release_date": "2016-02-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-11-03T08:12:12+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Client-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-0:7.0.69-10.el7.src",
"7Client-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.src",
"7Client:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.src",
"7Server-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.src",
"7Server:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.src",
"7Workstation-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.src",
"7Workstation:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-webapps-0:7.0.69-10.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2599"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Client-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-0:7.0.69-10.el7.src",
"7Client-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.src",
"7Client:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.src",
"7Server-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.src",
"7Server:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.src",
"7Workstation-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.src",
"7Workstation:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-webapps-0:7.0.69-10.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Security Manager bypass via persistence mechanisms"
},
{
"cve": "CVE-2016-0763",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"discovery_date": "2016-02-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1311093"
}
],
"notes": [
{
"category": "description",
"text": "A security manager bypass flaw was found in Tomcat that could allow remote, authenticated users to access arbitrary application data, potentially resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: security manager bypass via setGlobalContext()",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-0:7.0.69-10.el7.src",
"7Client-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.src",
"7Client:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.src",
"7Server-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.src",
"7Server:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.src",
"7Workstation-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.src",
"7Workstation:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-webapps-0:7.0.69-10.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-0763"
},
{
"category": "external",
"summary": "RHBZ#1311093",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311093"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-0763",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0763"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-0763",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0763"
},
{
"category": "external",
"summary": "http://seclists.org/bugtraq/2016/Feb/147",
"url": "http://seclists.org/bugtraq/2016/Feb/147"
}
],
"release_date": "2016-02-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-11-03T08:12:12+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Client-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-0:7.0.69-10.el7.src",
"7Client-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.src",
"7Client:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.src",
"7Server-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.src",
"7Server:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.src",
"7Workstation-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.src",
"7Workstation:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-webapps-0:7.0.69-10.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2599"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"7Client-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-0:7.0.69-10.el7.src",
"7Client-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.src",
"7Client:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.src",
"7Server-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.src",
"7Server:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.src",
"7Workstation-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.src",
"7Workstation:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-webapps-0:7.0.69-10.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: security manager bypass via setGlobalContext()"
},
{
"cve": "CVE-2016-3092",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2016-06-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1349468"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Usage of vulnerable FileUpload package can result in denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-0:7.0.69-10.el7.src",
"7Client-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.src",
"7Client:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.src",
"7Server-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.src",
"7Server:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.src",
"7Workstation-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.src",
"7Workstation:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-webapps-0:7.0.69-10.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-3092"
},
{
"category": "external",
"summary": "RHBZ#1349468",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1349468"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-3092",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3092"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-3092",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3092"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-7.html",
"url": "http://tomcat.apache.org/security-7.html"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-8.html",
"url": "http://tomcat.apache.org/security-8.html"
}
],
"release_date": "2016-06-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-11-03T08:12:12+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Client-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-0:7.0.69-10.el7.src",
"7Client-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.src",
"7Client:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.src",
"7Server-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.src",
"7Server:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.src",
"7Workstation-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.src",
"7Workstation:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-webapps-0:7.0.69-10.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2599"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"7Client-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-0:7.0.69-10.el7.src",
"7Client-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.noarch",
"7Client:tomcat-0:7.0.69-10.el7.src",
"7Client:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Client:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Client:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Client:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Client:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Client:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-0:7.0.69-10.el7.src",
"7ComputeNode:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-lib-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7ComputeNode:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-0:7.0.69-10.el7.src",
"7Server-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.noarch",
"7Server:tomcat-0:7.0.69-10.el7.src",
"7Server:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Server:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Server:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Server:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Server:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Server:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-0:7.0.69-10.el7.src",
"7Workstation-optional:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation-optional:tomcat-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-0:7.0.69-10.el7.src",
"7Workstation:tomcat-admin-webapps-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-docs-webapp-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-el-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-javadoc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsp-2.2-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-jsvc-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-lib-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-servlet-3.0-api-0:7.0.69-10.el7.noarch",
"7Workstation:tomcat-webapps-0:7.0.69-10.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Usage of vulnerable FileUpload package can result in denial of service"
}
]
}
RHSA-2016:2807
Vulnerability from csaf_redhat - Published: 2016-11-17 20:33 - Updated: 2026-03-04 16:43Summary
Red Hat Security Advisory: Red Hat JBoss Web Server 2.1.2 security update for Tomcat 7
Severity
Important
Notes
Topic: An update is now available for Red Hat JBoss Enterprise Web Server 2 for RHEL 6 and Red Hat JBoss Enterprise Web Server 2 for RHEL 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
This release of Red Hat JBoss Web Server 2.1.2 serves as a replacement for Red Hat JBoss Web Server 2.1.1. It contains security fixes for the Tomcat 7 component. Only users of the Tomcat 7 component in JBoss Web Server need to apply the fixes delivered in this release.
Security Fix(es):
* A CSRF flaw was found in Tomcat's the index pages for the Manager and Host Manager applications. These applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application. This token could then be used by an attacker to perform a CSRF attack. (CVE-2015-5351)
* It was found that several Tomcat session persistence mechanisms could allow a remote, authenticated user to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that placed a crafted object in a session. (CVE-2016-0714)
* A security manager bypass flaw was found in Tomcat that could allow remote, authenticated users to access arbitrary application data, potentially resulting in a denial of service. (CVE-2016-0763)
* A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long. (CVE-2016-3092)
* A session fixation flaw was found in the way Tomcat recycled the requestedSessionSSL field. If at least one web application was configured to use the SSL session ID as the HTTP session ID, an attacker could reuse a previously used session ID for further requests. (CVE-2015-5346)
* It was found that Tomcat allowed the StatusManagerServlet to be loaded by a web application when a security manager was configured. This allowed a web application to list all deployed web applications and expose sensitive information such as session IDs. (CVE-2016-0706)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A session fixation flaw was found in the way Tomcat recycled the requestedSessionSSL field. If at least one web application was configured to use the SSL session ID as the HTTP session ID, an attacker could reuse a previously used session ID for further requests.
8.1 (High)
Affected products
Fixed
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Low
A CSRF flaw was found in Tomcat's the index pages for the Manager and Host Manager applications. These applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application. This token could then be used by an attacker to perform a CSRF attack.
8.8 (High)
Affected products
Fixed
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
It was found that Tomcat allowed the StatusManagerServlet to be loaded by a web application when a security manager was configured. This allowed a web application to list all deployed web applications and expose sensitive information such as session IDs.
4.3 (Medium)
Affected products
Fixed
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Low
It was found that several Tomcat session persistence mechanisms could allow a remote, authenticated user to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that placed a crafted object in a session.
8.8 (High)
Affected products
Fixed
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A security manager bypass flaw was found in Tomcat that could allow remote, authenticated users to access arbitrary application data, potentially resulting in a denial of service.
6.3 (Medium)
Affected products
Fixed
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long.
7.5 (High)
Affected products
Fixed
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
40 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Enterprise Web Server 2 for RHEL 6 and Red Hat JBoss Enterprise Web Server 2 for RHEL 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nThis release of Red Hat JBoss Web Server 2.1.2 serves as a replacement for Red Hat JBoss Web Server 2.1.1. It contains security fixes for the Tomcat 7 component. Only users of the Tomcat 7 component in JBoss Web Server need to apply the fixes delivered in this release.\n\nSecurity Fix(es):\n\n* A CSRF flaw was found in Tomcat\u0027s the index pages for the Manager and Host Manager applications. These applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application. This token could then be used by an attacker to perform a CSRF attack. (CVE-2015-5351)\n\n* It was found that several Tomcat session persistence mechanisms could allow a remote, authenticated user to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that placed a crafted object in a session. (CVE-2016-0714)\n\n* A security manager bypass flaw was found in Tomcat that could allow remote, authenticated users to access arbitrary application data, potentially resulting in a denial of service. (CVE-2016-0763)\n\n* A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long. (CVE-2016-3092)\n\n* A session fixation flaw was found in the way Tomcat recycled the requestedSessionSSL field. If at least one web application was configured to use the SSL session ID as the HTTP session ID, an attacker could reuse a previously used session ID for further requests. (CVE-2015-5346)\n\n* It was found that Tomcat allowed the StatusManagerServlet to be loaded by a web application when a security manager was configured. This allowed a web application to list all deployed web applications and expose sensitive information such as session IDs. (CVE-2016-0706)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2016:2807",
"url": "https://access.redhat.com/errata/RHSA-2016:2807"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1311076",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311076"
},
{
"category": "external",
"summary": "1311082",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311082"
},
{
"category": "external",
"summary": "1311085",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311085"
},
{
"category": "external",
"summary": "1311087",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311087"
},
{
"category": "external",
"summary": "1311093",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311093"
},
{
"category": "external",
"summary": "1349468",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1349468"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_2807.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Web Server 2.1.2 security update for Tomcat 7",
"tracking": {
"current_release_date": "2026-03-04T16:43:41+00:00",
"generator": {
"date": "2026-03-04T16:43:41+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.2"
}
},
"id": "RHSA-2016:2807",
"initial_release_date": "2016-11-17T20:33:11+00:00",
"revision_history": [
{
"date": "2016-11-17T20:33:11+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2016-11-17T21:53:13+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-04T16:43:41+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product": {
"name": "Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2::el6"
}
}
},
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product": {
"name": "Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Web Server"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"product": {
"name": "tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"product_id": "tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-jsp-2.2-api@7.0.54-23_patch_05.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el6.noarch",
"product": {
"name": "tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el6.noarch",
"product_id": "tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-log4j@7.0.54-23_patch_05.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-0:7.0.54-23_patch_05.ep6.el6.noarch",
"product": {
"name": "tomcat7-0:7.0.54-23_patch_05.ep6.el6.noarch",
"product_id": "tomcat7-0:7.0.54-23_patch_05.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7@7.0.54-23_patch_05.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"product": {
"name": "tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"product_id": "tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-webapps@7.0.54-23_patch_05.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"product": {
"name": "tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"product_id": "tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-servlet-3.0-api@7.0.54-23_patch_05.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"product": {
"name": "tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"product_id": "tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-admin-webapps@7.0.54-23_patch_05.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-lib-0:7.0.54-23_patch_05.ep6.el6.noarch",
"product": {
"name": "tomcat7-lib-0:7.0.54-23_patch_05.ep6.el6.noarch",
"product_id": "tomcat7-lib-0:7.0.54-23_patch_05.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-lib@7.0.54-23_patch_05.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"product": {
"name": "tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"product_id": "tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-el-2.2-api@7.0.54-23_patch_05.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el6.noarch",
"product": {
"name": "tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el6.noarch",
"product_id": "tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-javadoc@7.0.54-23_patch_05.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el6.noarch",
"product": {
"name": "tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el6.noarch",
"product_id": "tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-docs-webapp@7.0.54-23_patch_05.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el6.noarch",
"product": {
"name": "tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el6.noarch",
"product_id": "tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-maven-devel@7.0.54-23_patch_05.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el7.noarch",
"product": {
"name": "tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el7.noarch",
"product_id": "tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-javadoc@7.0.54-23_patch_05.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el7.noarch",
"product": {
"name": "tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el7.noarch",
"product_id": "tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-log4j@7.0.54-23_patch_05.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch",
"product": {
"name": "tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch",
"product_id": "tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-admin-webapps@7.0.54-23_patch_05.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch",
"product": {
"name": "tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch",
"product_id": "tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-webapps@7.0.54-23_patch_05.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"product": {
"name": "tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"product_id": "tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-el-2.2-api@7.0.54-23_patch_05.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-lib-0:7.0.54-23_patch_05.ep6.el7.noarch",
"product": {
"name": "tomcat7-lib-0:7.0.54-23_patch_05.ep6.el7.noarch",
"product_id": "tomcat7-lib-0:7.0.54-23_patch_05.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-lib@7.0.54-23_patch_05.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"product": {
"name": "tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"product_id": "tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-servlet-3.0-api@7.0.54-23_patch_05.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-0:7.0.54-23_patch_05.ep6.el7.noarch",
"product": {
"name": "tomcat7-0:7.0.54-23_patch_05.ep6.el7.noarch",
"product_id": "tomcat7-0:7.0.54-23_patch_05.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7@7.0.54-23_patch_05.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el7.noarch",
"product": {
"name": "tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el7.noarch",
"product_id": "tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-maven-devel@7.0.54-23_patch_05.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"product": {
"name": "tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"product_id": "tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-jsp-2.2-api@7.0.54-23_patch_05.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el7.noarch",
"product": {
"name": "tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el7.noarch",
"product_id": "tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-docs-webapp@7.0.54-23_patch_05.ep6.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat7-0:7.0.54-23_patch_05.ep6.el6.src",
"product": {
"name": "tomcat7-0:7.0.54-23_patch_05.ep6.el6.src",
"product_id": "tomcat7-0:7.0.54-23_patch_05.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7@7.0.54-23_patch_05.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "tomcat7-0:7.0.54-23_patch_05.ep6.el7.src",
"product": {
"name": "tomcat7-0:7.0.54-23_patch_05.ep6.el7.src",
"product_id": "tomcat7-0:7.0.54-23_patch_05.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7@7.0.54-23_patch_05.ep6.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-0:7.0.54-23_patch_05.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.noarch"
},
"product_reference": "tomcat7-0:7.0.54-23_patch_05.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-0:7.0.54-23_patch_05.ep6.el6.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.src"
},
"product_reference": "tomcat7-0:7.0.54-23_patch_05.ep6.el6.src",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch"
},
"product_reference": "tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el6.noarch"
},
"product_reference": "tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch"
},
"product_reference": "tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el6.noarch"
},
"product_reference": "tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch"
},
"product_reference": "tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-lib-0:7.0.54-23_patch_05.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el6.noarch"
},
"product_reference": "tomcat7-lib-0:7.0.54-23_patch_05.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el6.noarch"
},
"product_reference": "tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el6.noarch"
},
"product_reference": "tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el6.noarch"
},
"product_reference": "tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server",
"product_id": "6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch"
},
"product_reference": "tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-0:7.0.54-23_patch_05.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.noarch"
},
"product_reference": "tomcat7-0:7.0.54-23_patch_05.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-0:7.0.54-23_patch_05.ep6.el7.src as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.src"
},
"product_reference": "tomcat7-0:7.0.54-23_patch_05.ep6.el7.src",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch"
},
"product_reference": "tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el7.noarch"
},
"product_reference": "tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch"
},
"product_reference": "tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el7.noarch"
},
"product_reference": "tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch"
},
"product_reference": "tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-lib-0:7.0.54-23_patch_05.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el7.noarch"
},
"product_reference": "tomcat7-lib-0:7.0.54-23_patch_05.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el7.noarch"
},
"product_reference": "tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el7.noarch"
},
"product_reference": "tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el7.noarch"
},
"product_reference": "tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEWS-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch as a component of Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Server",
"product_id": "7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch"
},
"product_reference": "tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JBEWS-2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-5346",
"discovery_date": "2014-06-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1311085"
}
],
"notes": [
{
"category": "description",
"text": "A session fixation flaw was found in the way Tomcat recycled the requestedSessionSSL field. If at least one web application was configured to use the SSL session ID as the HTTP session ID, an attacker could reuse a previously used session ID for further requests.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Session fixation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.src",
"7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-5346"
},
{
"category": "external",
"summary": "RHBZ#1311085",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311085"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-5346",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5346"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-5346",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5346"
},
{
"category": "external",
"summary": "http://seclists.org/bugtraq/2016/Feb/143",
"url": "http://seclists.org/bugtraq/2016/Feb/143"
}
],
"release_date": "2016-02-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-11-17T20:33:11+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.src",
"7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2807"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.src",
"7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: Session fixation"
},
{
"cve": "CVE-2015-5351",
"cwe": {
"id": "CWE-352",
"name": "Cross-Site Request Forgery (CSRF)"
},
"discovery_date": "2016-02-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1311076"
}
],
"notes": [
{
"category": "description",
"text": "A CSRF flaw was found in Tomcat\u0027s the index pages for the Manager and Host Manager applications. These applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application. This token could then be used by an attacker to perform a CSRF attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: CSRF token leak",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.src",
"7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-5351"
},
{
"category": "external",
"summary": "RHBZ#1311076",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311076"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-5351",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5351"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-5351",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5351"
},
{
"category": "external",
"summary": "http://seclists.org/bugtraq/2016/Feb/148",
"url": "http://seclists.org/bugtraq/2016/Feb/148"
}
],
"release_date": "2016-02-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-11-17T20:33:11+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.src",
"7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2807"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.src",
"7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: CSRF token leak"
},
{
"cve": "CVE-2016-0706",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"discovery_date": "2016-02-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1311087"
}
],
"notes": [
{
"category": "description",
"text": "It was found that Tomcat allowed the StatusManagerServlet to be loaded by a web application when a security manager was configured. This allowed a web application to list all deployed web applications and expose sensitive information such as session IDs.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: security manager bypass via StatusManagerServlet",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.src",
"7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-0706"
},
{
"category": "external",
"summary": "RHBZ#1311087",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311087"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-0706",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0706"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-0706",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0706"
},
{
"category": "external",
"summary": "http://seclists.org/bugtraq/2016/Feb/144",
"url": "http://seclists.org/bugtraq/2016/Feb/144"
}
],
"release_date": "2016-02-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-11-17T20:33:11+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.src",
"7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2807"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.src",
"7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: security manager bypass via StatusManagerServlet"
},
{
"cve": "CVE-2016-0714",
"cwe": {
"id": "CWE-290",
"name": "Authentication Bypass by Spoofing"
},
"discovery_date": "2016-02-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1311082"
}
],
"notes": [
{
"category": "description",
"text": "It was found that several Tomcat session persistence mechanisms could allow a remote, authenticated user to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that placed a crafted object in a session.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Security Manager bypass via persistence mechanisms",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.src",
"7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-0714"
},
{
"category": "external",
"summary": "RHBZ#1311082",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311082"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-0714",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0714"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-0714",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0714"
},
{
"category": "external",
"summary": "http://seclists.org/bugtraq/2016/Feb/145",
"url": "http://seclists.org/bugtraq/2016/Feb/145"
}
],
"release_date": "2016-02-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-11-17T20:33:11+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.src",
"7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2807"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.src",
"7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Security Manager bypass via persistence mechanisms"
},
{
"cve": "CVE-2016-0763",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"discovery_date": "2016-02-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1311093"
}
],
"notes": [
{
"category": "description",
"text": "A security manager bypass flaw was found in Tomcat that could allow remote, authenticated users to access arbitrary application data, potentially resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: security manager bypass via setGlobalContext()",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.src",
"7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-0763"
},
{
"category": "external",
"summary": "RHBZ#1311093",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311093"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-0763",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0763"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-0763",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0763"
},
{
"category": "external",
"summary": "http://seclists.org/bugtraq/2016/Feb/147",
"url": "http://seclists.org/bugtraq/2016/Feb/147"
}
],
"release_date": "2016-02-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-11-17T20:33:11+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.src",
"7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2807"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.src",
"7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: security manager bypass via setGlobalContext()"
},
{
"cve": "CVE-2016-3092",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2016-06-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1349468"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Usage of vulnerable FileUpload package can result in denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.src",
"7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-3092"
},
{
"category": "external",
"summary": "RHBZ#1349468",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1349468"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-3092",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3092"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-3092",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3092"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-7.html",
"url": "http://tomcat.apache.org/security-7.html"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-8.html",
"url": "http://tomcat.apache.org/security-8.html"
}
],
"release_date": "2016-06-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-11-17T20:33:11+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.src",
"7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2807"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el6.src",
"6Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el6.noarch",
"6Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el6.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-0:7.0.54-23_patch_05.ep6.el7.src",
"7Server-JBEWS-2:tomcat7-admin-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-docs-webapp-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-el-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-javadoc-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-jsp-2.2-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-lib-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-log4j-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-maven-devel-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-servlet-3.0-api-0:7.0.54-23_patch_05.ep6.el7.noarch",
"7Server-JBEWS-2:tomcat7-webapps-0:7.0.54-23_patch_05.ep6.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Usage of vulnerable FileUpload package can result in denial of service"
}
]
}
RHSA-2016:2808
Vulnerability from csaf_redhat - Published: 2016-11-17 20:32 - Updated: 2026-03-04 16:43Summary
Red Hat Security Advisory: Red Hat JBoss Web Server 2.1.2 security update for Tomcat 7
Severity
Important
Notes
Topic: An update is now available for Red Hat JBoss Web Server.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: This release of Red Hat JBoss Web Server 2.1.2 serves as a replacement for
Red Hat JBoss Web Server 2.1.1. It contains security fixes for the Tomcat 7 component. Only users of the Tomcat 7 component in JBoss Web Server need to apply the fixes delivered in this release.
Security Fix(es):
* A CSRF flaw was found in Tomcat's the index pages for the Manager and Host Manager applications. These applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application. This token could then be used by an attacker to perform a CSRF attack. (CVE-2015-5351)
* It was found that several Tomcat session persistence mechanisms could allow a remote, authenticated user to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that placed a crafted object in a session. (CVE-2016-0714)
* A security manager bypass flaw was found in Tomcat that could allow remote, authenticated users to access arbitrary application data, potentially resulting in a denial of service. (CVE-2016-0763)
* A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long. (CVE-2016-3092)
* A session fixation flaw was found in the way Tomcat recycled the requestedSessionSSL field. If at least one web application was configured to use the SSL session ID as the HTTP session ID, an attacker could reuse a previously used session ID for further requests. (CVE-2015-5346)
* It was found that Tomcat allowed the StatusManagerServlet to be loaded by a web application when a security manager was configured. This allowed a web application to list all deployed web applications and expose sensitive information such as session IDs. (CVE-2016-0706)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A session fixation flaw was found in the way Tomcat recycled the requestedSessionSSL field. If at least one web application was configured to use the SSL session ID as the HTTP session ID, an attacker could reuse a previously used session ID for further requests.
8.1 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Web Server 2.1
Red Hat / Red Hat JBoss Web Server
|
cpe:/a:redhat:jboss_enterprise_web_server:2.1
|
— |
Vendor Fix
fix
|
Threats
Impact
Low
A CSRF flaw was found in Tomcat's the index pages for the Manager and Host Manager applications. These applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application. This token could then be used by an attacker to perform a CSRF attack.
8.8 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Web Server 2.1
Red Hat / Red Hat JBoss Web Server
|
cpe:/a:redhat:jboss_enterprise_web_server:2.1
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
It was found that Tomcat allowed the StatusManagerServlet to be loaded by a web application when a security manager was configured. This allowed a web application to list all deployed web applications and expose sensitive information such as session IDs.
4.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Web Server 2.1
Red Hat / Red Hat JBoss Web Server
|
cpe:/a:redhat:jboss_enterprise_web_server:2.1
|
— |
Vendor Fix
fix
|
Threats
Impact
Low
It was found that several Tomcat session persistence mechanisms could allow a remote, authenticated user to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that placed a crafted object in a session.
8.8 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Web Server 2.1
Red Hat / Red Hat JBoss Web Server
|
cpe:/a:redhat:jboss_enterprise_web_server:2.1
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A security manager bypass flaw was found in Tomcat that could allow remote, authenticated users to access arbitrary application data, potentially resulting in a denial of service.
6.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Web Server 2.1
Red Hat / Red Hat JBoss Web Server
|
cpe:/a:redhat:jboss_enterprise_web_server:2.1
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Web Server 2.1
Red Hat / Red Hat JBoss Web Server
|
cpe:/a:redhat:jboss_enterprise_web_server:2.1
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
41 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Web Server.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "This release of Red Hat JBoss Web Server 2.1.2 serves as a replacement for\nRed Hat JBoss Web Server 2.1.1. It contains security fixes for the Tomcat 7 component. Only users of the Tomcat 7 component in JBoss Web Server need to apply the fixes delivered in this release.\n\nSecurity Fix(es):\n\n* A CSRF flaw was found in Tomcat\u0027s the index pages for the Manager and Host Manager applications. These applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application. This token could then be used by an attacker to perform a CSRF attack. (CVE-2015-5351)\n\n* It was found that several Tomcat session persistence mechanisms could allow a remote, authenticated user to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that placed a crafted object in a session. (CVE-2016-0714)\n\n* A security manager bypass flaw was found in Tomcat that could allow remote, authenticated users to access arbitrary application data, potentially resulting in a denial of service. (CVE-2016-0763)\n\n* A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long. (CVE-2016-3092)\n\n* A session fixation flaw was found in the way Tomcat recycled the requestedSessionSSL field. If at least one web application was configured to use the SSL session ID as the HTTP session ID, an attacker could reuse a previously used session ID for further requests. (CVE-2015-5346)\n\n* It was found that Tomcat allowed the StatusManagerServlet to be loaded by a web application when a security manager was configured. This allowed a web application to list all deployed web applications and expose sensitive information such as session IDs. (CVE-2016-0706)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2016:2808",
"url": "https://access.redhat.com/errata/RHSA-2016:2808"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=webserver\u0026downloadType=distributions\u0026version=2.1.2",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=webserver\u0026downloadType=distributions\u0026version=2.1.2"
},
{
"category": "external",
"summary": "1311076",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311076"
},
{
"category": "external",
"summary": "1311082",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311082"
},
{
"category": "external",
"summary": "1311085",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311085"
},
{
"category": "external",
"summary": "1311087",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311087"
},
{
"category": "external",
"summary": "1311093",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311093"
},
{
"category": "external",
"summary": "1349468",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1349468"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_2808.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Web Server 2.1.2 security update for Tomcat 7",
"tracking": {
"current_release_date": "2026-03-04T16:43:42+00:00",
"generator": {
"date": "2026-03-04T16:43:42+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.2"
}
},
"id": "RHSA-2016:2808",
"initial_release_date": "2016-11-17T20:32:58+00:00",
"revision_history": [
{
"date": "2016-11-17T20:32:58+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2016-11-17T22:03:17+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-04T16:43:42+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Web Server 2.1",
"product": {
"name": "Red Hat JBoss Web Server 2.1",
"product_id": "Red Hat JBoss Web Server 2.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2.1"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Web Server"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-5346",
"discovery_date": "2014-06-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1311085"
}
],
"notes": [
{
"category": "description",
"text": "A session fixation flaw was found in the way Tomcat recycled the requestedSessionSSL field. If at least one web application was configured to use the SSL session ID as the HTTP session ID, an attacker could reuse a previously used session ID for further requests.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Session fixation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 2.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-5346"
},
{
"category": "external",
"summary": "RHBZ#1311085",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311085"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-5346",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5346"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-5346",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5346"
},
{
"category": "external",
"summary": "http://seclists.org/bugtraq/2016/Feb/143",
"url": "http://seclists.org/bugtraq/2016/Feb/143"
}
],
"release_date": "2016-02-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-11-17T20:32:58+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat JBoss Web Server 2.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2808"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"Red Hat JBoss Web Server 2.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: Session fixation"
},
{
"cve": "CVE-2015-5351",
"cwe": {
"id": "CWE-352",
"name": "Cross-Site Request Forgery (CSRF)"
},
"discovery_date": "2016-02-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1311076"
}
],
"notes": [
{
"category": "description",
"text": "A CSRF flaw was found in Tomcat\u0027s the index pages for the Manager and Host Manager applications. These applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application. This token could then be used by an attacker to perform a CSRF attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: CSRF token leak",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 2.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-5351"
},
{
"category": "external",
"summary": "RHBZ#1311076",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311076"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-5351",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5351"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-5351",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5351"
},
{
"category": "external",
"summary": "http://seclists.org/bugtraq/2016/Feb/148",
"url": "http://seclists.org/bugtraq/2016/Feb/148"
}
],
"release_date": "2016-02-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-11-17T20:32:58+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat JBoss Web Server 2.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2808"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"Red Hat JBoss Web Server 2.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: CSRF token leak"
},
{
"cve": "CVE-2016-0706",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"discovery_date": "2016-02-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1311087"
}
],
"notes": [
{
"category": "description",
"text": "It was found that Tomcat allowed the StatusManagerServlet to be loaded by a web application when a security manager was configured. This allowed a web application to list all deployed web applications and expose sensitive information such as session IDs.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: security manager bypass via StatusManagerServlet",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 2.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-0706"
},
{
"category": "external",
"summary": "RHBZ#1311087",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311087"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-0706",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0706"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-0706",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0706"
},
{
"category": "external",
"summary": "http://seclists.org/bugtraq/2016/Feb/144",
"url": "http://seclists.org/bugtraq/2016/Feb/144"
}
],
"release_date": "2016-02-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-11-17T20:32:58+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat JBoss Web Server 2.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2808"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat JBoss Web Server 2.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: security manager bypass via StatusManagerServlet"
},
{
"cve": "CVE-2016-0714",
"cwe": {
"id": "CWE-290",
"name": "Authentication Bypass by Spoofing"
},
"discovery_date": "2016-02-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1311082"
}
],
"notes": [
{
"category": "description",
"text": "It was found that several Tomcat session persistence mechanisms could allow a remote, authenticated user to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that placed a crafted object in a session.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Security Manager bypass via persistence mechanisms",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 2.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-0714"
},
{
"category": "external",
"summary": "RHBZ#1311082",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311082"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-0714",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0714"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-0714",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0714"
},
{
"category": "external",
"summary": "http://seclists.org/bugtraq/2016/Feb/145",
"url": "http://seclists.org/bugtraq/2016/Feb/145"
}
],
"release_date": "2016-02-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-11-17T20:32:58+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat JBoss Web Server 2.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2808"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"Red Hat JBoss Web Server 2.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Security Manager bypass via persistence mechanisms"
},
{
"cve": "CVE-2016-0763",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"discovery_date": "2016-02-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1311093"
}
],
"notes": [
{
"category": "description",
"text": "A security manager bypass flaw was found in Tomcat that could allow remote, authenticated users to access arbitrary application data, potentially resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: security manager bypass via setGlobalContext()",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 2.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-0763"
},
{
"category": "external",
"summary": "RHBZ#1311093",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311093"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-0763",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0763"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-0763",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0763"
},
{
"category": "external",
"summary": "http://seclists.org/bugtraq/2016/Feb/147",
"url": "http://seclists.org/bugtraq/2016/Feb/147"
}
],
"release_date": "2016-02-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-11-17T20:32:58+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat JBoss Web Server 2.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2808"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"Red Hat JBoss Web Server 2.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: security manager bypass via setGlobalContext()"
},
{
"cve": "CVE-2016-3092",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2016-06-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1349468"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Usage of vulnerable FileUpload package can result in denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 2.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-3092"
},
{
"category": "external",
"summary": "RHBZ#1349468",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1349468"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-3092",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3092"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-3092",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3092"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-7.html",
"url": "http://tomcat.apache.org/security-7.html"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-8.html",
"url": "http://tomcat.apache.org/security-8.html"
}
],
"release_date": "2016-06-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-11-17T20:32:58+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat JBoss Web Server 2.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:2808"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Red Hat JBoss Web Server 2.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Usage of vulnerable FileUpload package can result in denial of service"
}
]
}
RHSA-2017:0455
Vulnerability from csaf_redhat - Published: 2017-03-07 19:06 - Updated: 2026-05-14 22:18Summary
Red Hat Security Advisory: Red Hat JBoss Web Server 3.1.0 security and enhancement update
Severity
Important
Notes
Topic: An update is now available for Red Hat JBoss Web Server 3 for RHEL 6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.
This release of Red Hat JBoss Web Server 3.1.0 serves as a replacement for Red Hat JBoss Web Server 3.0.3, and includes enhancements.
Security Fix(es):
* It was reported that the Tomcat init script performed unsafe file handling, which could result in local privilege escalation. (CVE-2016-1240)
* It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges. (CVE-2016-6325)
* The JmxRemoteLifecycleListener was not updated to take account of Oracle's fix for CVE-2016-3427. JMXRemoteLifecycleListener is only included in EWS 2.x and JWS 3.x source distributions. If you deploy a Tomcat instance built from source, using the EWS 2.x, or JWS 3.x distributions, an attacker could use this flaw to launch a remote code execution attack on your deployed instance. (CVE-2016-8735)
* A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long. (CVE-2016-3092)
* It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)
* A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)
* The Realm implementations did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder. (CVE-2016-0762)
* It was discovered that a malicious web application could bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications. (CVE-2016-5018)
* It was discovered that when a SecurityManager is configured Tomcat's system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible. (CVE-2016-6794)
* It was discovered that a malicious web application could bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet. (CVE-2016-6796)
* It was discovered that it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not. (CVE-2016-6797)
The CVE-2016-6325 issue was discovered by Red Hat Product Security.
Enhancement(s):
This enhancement update adds the Red Hat JBoss Web Server 3.1.0 packages to Red Hat Enterprise Linux 6. These packages provide a number of enhancements over the previous version of Red Hat JBoss Web Server. (JIRA#JWS-267)
Users of Red Hat JBoss Web Server are advised to upgrade to these updated packages, which add this enhancement.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
The Realm implementations did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder.
Affected products
Fixed
51 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Low
It was reported that the Tomcat init script performed unsafe file handling, which could result in local privilege escalation.
7.0 (High)
Affected products
Fixed
51 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Important
A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long.
7.5 (High)
Affected products
Fixed
51 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
It was discovered that a malicious web application could bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications.
4.2 (Medium)
Affected products
Fixed
51 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Low
It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges.
7.8 (High)
Affected products
Fixed
51 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Important
It was discovered that when a SecurityManager was configured, Tomcat's system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible.
Affected products
Fixed
51 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Low
It was discovered that a malicious web application could bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet.
4.2 (Medium)
Affected products
Fixed
51 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Low
It was discovered that it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not.
Affected products
Fixed
51 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Low
It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own.
6.5 (Medium)
Affected products
Fixed
51 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
The JmxRemoteLifecycleListener was not updated to take account of Oracle's fix for CVE-2016-3427. JMXRemoteLifecycleListener is only included in EWS 2.x and JWS 3.x source distributions. If you deploy a Tomcat instance built from source, using the EWS 2.x, or JWS 3.x distributions, an attacker could use this flaw to launch a remote code execution attack on your deployed instance.
8.1 (High)
Affected products
Fixed
51 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Important
A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body.
7.5 (High)
Affected products
Fixed
51 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Important
References
76 references
Acknowledgments
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Web Server 3 for RHEL 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 3.1.0 serves as a replacement for Red Hat JBoss Web Server 3.0.3, and includes enhancements.\n\nSecurity Fix(es):\n\n* It was reported that the Tomcat init script performed unsafe file handling, which could result in local privilege escalation. (CVE-2016-1240)\n\n* It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges. (CVE-2016-6325)\n\n* The JmxRemoteLifecycleListener was not updated to take account of Oracle\u0027s fix for CVE-2016-3427. JMXRemoteLifecycleListener is only included in EWS 2.x and JWS 3.x source distributions. If you deploy a Tomcat instance built from source, using the EWS 2.x, or JWS 3.x distributions, an attacker could use this flaw to launch a remote code execution attack on your deployed instance. (CVE-2016-8735)\n\n* A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long. (CVE-2016-3092)\n\n* It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)\n\n* A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)\n\n* The Realm implementations did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder. (CVE-2016-0762)\n\n* It was discovered that a malicious web application could bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications. (CVE-2016-5018)\n\n* It was discovered that when a SecurityManager is configured Tomcat\u0027s system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible. (CVE-2016-6794)\n\n* It was discovered that a malicious web application could bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet. (CVE-2016-6796)\n\n* It was discovered that it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not. (CVE-2016-6797)\n\nThe CVE-2016-6325 issue was discovered by Red Hat Product Security.\n\nEnhancement(s):\n\nThis enhancement update adds the Red Hat JBoss Web Server 3.1.0 packages to Red Hat Enterprise Linux 6. These packages provide a number of enhancements over the previous version of Red Hat JBoss Web Server. (JIRA#JWS-267)\n\nUsers of Red Hat JBoss Web Server are advised to upgrade to these updated packages, which add this enhancement.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2017:0455",
"url": "https://access.redhat.com/errata/RHSA-2017:0455"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1349468",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1349468"
},
{
"category": "external",
"summary": "1367447",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1367447"
},
{
"category": "external",
"summary": "1376712",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1376712"
},
{
"category": "external",
"summary": "1390493",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1390493"
},
{
"category": "external",
"summary": "1390515",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1390515"
},
{
"category": "external",
"summary": "1390520",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1390520"
},
{
"category": "external",
"summary": "1390525",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1390525"
},
{
"category": "external",
"summary": "1390526",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1390526"
},
{
"category": "external",
"summary": "1397484",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1397484"
},
{
"category": "external",
"summary": "1397485",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1397485"
},
{
"category": "external",
"summary": "1403824",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1403824"
},
{
"category": "external",
"summary": "JWS-267",
"url": "https://issues.redhat.com/browse/JWS-267"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_0455.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Web Server 3.1.0 security and enhancement update",
"tracking": {
"current_release_date": "2026-05-14T22:18:35+00:00",
"generator": {
"date": "2026-05-14T22:18:35+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2017:0455",
"initial_release_date": "2017-03-07T19:06:40+00:00",
"revision_history": [
{
"date": "2017-03-07T19:06:40+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2017-03-07T19:06:40+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-14T22:18:35+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Web Server 3.1 for RHEL 6",
"product": {
"name": "Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3.1::el6"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Web Server"
},
{
"branches": [
{
"category": "product_version",
"name": "hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"product": {
"name": "hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"product_id": "hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate4-envers-eap6@4.2.23-1.Final_redhat_1.1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"product": {
"name": "hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"product_id": "hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate4-c3p0-eap6@4.2.23-1.Final_redhat_1.1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"product": {
"name": "hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"product_id": "hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate4-core-eap6@4.2.23-1.Final_redhat_1.1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"product": {
"name": "hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"product_id": "hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate4-eap6@4.2.23-1.Final_redhat_1.1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"product": {
"name": "hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"product_id": "hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate4-entitymanager-eap6@4.2.23-1.Final_redhat_1.1.ep6.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"product": {
"name": "mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"product_id": "mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster@1.3.5-2.Final_redhat_2.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"product": {
"name": "mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"product_id": "mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-tomcat7@1.3.5-2.Final_redhat_2.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"product": {
"name": "mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"product_id": "mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-tomcat8@1.3.5-2.Final_redhat_2.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch",
"product": {
"name": "jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch",
"product_id": "jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon@1.0.15-1.redhat_2.1.jbcs.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
"product": {
"name": "jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
"product_id": "jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-runtime@1-3.jbcs.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch",
"product": {
"name": "tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch",
"product_id": "tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-vault@1.0.8-9.Final_redhat_2.1.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch",
"product": {
"name": "tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch",
"product_id": "tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-jsvc@7.0.70-16.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch",
"product": {
"name": "tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch",
"product_id": "tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-selinux@7.0.70-16.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch",
"product": {
"name": "tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch",
"product_id": "tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-docs-webapp@7.0.70-16.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch",
"product": {
"name": "tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch",
"product_id": "tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-servlet-3.0-api@7.0.70-16.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"product": {
"name": "tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"product_id": "tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-el-2.2-api@7.0.70-16.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch",
"product": {
"name": "tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch",
"product_id": "tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-admin-webapps@7.0.70-16.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"product": {
"name": "tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"product_id": "tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-jsp-2.2-api@7.0.70-16.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch",
"product": {
"name": "tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch",
"product_id": "tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-javadoc@7.0.70-16.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-0:7.0.70-16.ep7.el6.noarch",
"product": {
"name": "tomcat7-0:7.0.70-16.ep7.el6.noarch",
"product_id": "tomcat7-0:7.0.70-16.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7@7.0.70-16.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-lib-0:7.0.70-16.ep7.el6.noarch",
"product": {
"name": "tomcat7-lib-0:7.0.70-16.ep7.el6.noarch",
"product_id": "tomcat7-lib-0:7.0.70-16.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-lib@7.0.70-16.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch",
"product": {
"name": "tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch",
"product_id": "tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-log4j@7.0.70-16.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch",
"product": {
"name": "tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch",
"product_id": "tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-webapps@7.0.70-16.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch",
"product": {
"name": "tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch",
"product_id": "tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8-log4j@8.0.36-17.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat8-0:8.0.36-17.ep7.el6.noarch",
"product": {
"name": "tomcat8-0:8.0.36-17.ep7.el6.noarch",
"product_id": "tomcat8-0:8.0.36-17.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8@8.0.36-17.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch",
"product": {
"name": "tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch",
"product_id": "tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8-admin-webapps@8.0.36-17.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch",
"product": {
"name": "tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch",
"product_id": "tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8-jsvc@8.0.36-17.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch",
"product": {
"name": "tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch",
"product_id": "tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8-el-2.2-api@8.0.36-17.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch",
"product": {
"name": "tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch",
"product_id": "tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8-docs-webapp@8.0.36-17.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch",
"product": {
"name": "tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch",
"product_id": "tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8-servlet-3.1-api@8.0.36-17.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch",
"product": {
"name": "tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch",
"product_id": "tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8-webapps@8.0.36-17.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch",
"product": {
"name": "tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch",
"product_id": "tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8-selinux@8.0.36-17.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch",
"product": {
"name": "tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch",
"product_id": "tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8-jsp-2.3-api@8.0.36-17.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat8-lib-0:8.0.36-17.ep7.el6.noarch",
"product": {
"name": "tomcat8-lib-0:8.0.36-17.ep7.el6.noarch",
"product_id": "tomcat8-lib-0:8.0.36-17.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8-lib@8.0.36-17.ep7.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch",
"product": {
"name": "tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch",
"product_id": "tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8-javadoc@8.0.36-17.ep7.el6?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src",
"product": {
"name": "hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src",
"product_id": "hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate4-eap6@4.2.23-1.Final_redhat_1.1.ep6.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src",
"product": {
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src",
"product_id": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc@1.0.15-17.redhat_2.jbcs.el6?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src",
"product": {
"name": "mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src",
"product_id": "mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster@1.3.5-2.Final_redhat_2.1.ep7.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src",
"product": {
"name": "jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src",
"product_id": "jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon@1.0.15-1.redhat_2.1.jbcs.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src",
"product": {
"name": "tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src",
"product_id": "tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-vault@1.0.8-9.Final_redhat_2.1.ep7.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "tomcat7-0:7.0.70-16.ep7.el6.src",
"product": {
"name": "tomcat7-0:7.0.70-16.ep7.el6.src",
"product_id": "tomcat7-0:7.0.70-16.ep7.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7@7.0.70-16.ep7.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "tomcat8-0:8.0.36-17.ep7.el6.src",
"product": {
"name": "tomcat8-0:8.0.36-17.ep7.el6.src",
"product_id": "tomcat8-0:8.0.36-17.ep7.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8@8.0.36-17.ep7.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src",
"product": {
"name": "tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src",
"product_id": "tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-native@1.2.8-9.redhat_9.ep7.el6?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo@1.0.15-17.redhat_2.jbcs.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"product": {
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"product_id": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc@1.0.15-17.redhat_2.jbcs.el6?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"product": {
"name": "tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"product_id": "tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-native-debuginfo@1.2.8-9.redhat_9.ep7.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"product": {
"name": "tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"product_id": "tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-native@1.2.8-9.redhat_9.ep7.el6?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"product_id": "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo@1.0.15-17.redhat_2.jbcs.el6?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"product": {
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"product_id": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc@1.0.15-17.redhat_2.jbcs.el6?arch=i686\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686",
"product": {
"name": "tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686",
"product_id": "tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-native-debuginfo@1.2.8-9.redhat_9.ep7.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686",
"product": {
"name": "tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686",
"product_id": "tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-native@1.2.8-9.redhat_9.ep7.el6?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch"
},
"product_reference": "hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch"
},
"product_reference": "hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch"
},
"product_reference": "hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src"
},
"product_reference": "hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch"
},
"product_reference": "hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch"
},
"product_reference": "hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch"
},
"product_reference": "jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src"
},
"product_reference": "jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686 as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src"
},
"product_reference": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64 as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686 as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686"
},
"product_reference": "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64 as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64"
},
"product_reference": "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch"
},
"product_reference": "jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch"
},
"product_reference": "mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src"
},
"product_reference": "mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch"
},
"product_reference": "mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch"
},
"product_reference": "mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686 as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686"
},
"product_reference": "tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src"
},
"product_reference": "tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64 as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64"
},
"product_reference": "tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686 as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686"
},
"product_reference": "tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64 as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64"
},
"product_reference": "tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch"
},
"product_reference": "tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src"
},
"product_reference": "tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-0:7.0.70-16.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.noarch"
},
"product_reference": "tomcat7-0:7.0.70-16.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-0:7.0.70-16.ep7.el6.src as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.src"
},
"product_reference": "tomcat7-0:7.0.70-16.ep7.el6.src",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch"
},
"product_reference": "tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch"
},
"product_reference": "tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch"
},
"product_reference": "tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch"
},
"product_reference": "tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch"
},
"product_reference": "tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch"
},
"product_reference": "tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-lib-0:7.0.70-16.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el6.noarch"
},
"product_reference": "tomcat7-lib-0:7.0.70-16.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch"
},
"product_reference": "tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch"
},
"product_reference": "tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch"
},
"product_reference": "tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch"
},
"product_reference": "tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-0:8.0.36-17.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.noarch"
},
"product_reference": "tomcat8-0:8.0.36-17.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-0:8.0.36-17.ep7.el6.src as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.src"
},
"product_reference": "tomcat8-0:8.0.36-17.ep7.el6.src",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch"
},
"product_reference": "tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch"
},
"product_reference": "tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch"
},
"product_reference": "tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch"
},
"product_reference": "tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch"
},
"product_reference": "tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch"
},
"product_reference": "tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-lib-0:8.0.36-17.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el6.noarch"
},
"product_reference": "tomcat8-lib-0:8.0.36-17.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch"
},
"product_reference": "tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch"
},
"product_reference": "tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch"
},
"product_reference": "tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6",
"product_id": "6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch"
},
"product_reference": "tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch",
"relates_to_product_reference": "6Server-JWS-3.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-0762",
"discovery_date": "2016-10-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1390526"
}
],
"notes": [
{
"category": "description",
"text": "The Realm implementations did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: timing attack in Realm implementation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.src",
"6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-0762"
},
{
"category": "external",
"summary": "RHBZ#1390526",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1390526"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-0762",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0762"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-0762",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0762"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47",
"url": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72",
"url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37"
}
],
"release_date": "2016-10-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-03-07T19:06:40+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.src",
"6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0455"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"6Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.src",
"6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: timing attack in Realm implementation"
},
{
"cve": "CVE-2016-1240",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2016-09-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1376712"
}
],
"notes": [
{
"category": "description",
"text": "It was reported that the Tomcat init script performed unsafe file handling, which could result in local privilege escalation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: unsafe chown of catalina.log in tomcat init script allows privilege escalation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.src",
"6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-1240"
},
{
"category": "external",
"summary": "RHBZ#1376712",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1376712"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-1240",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1240"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-1240",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1240"
},
{
"category": "external",
"summary": "http://legalhackers.com/advisories/Tomcat-DebPkgs-Root-Privilege-Escalation-Exploit-CVE-2016-1240.txt",
"url": "http://legalhackers.com/advisories/Tomcat-DebPkgs-Root-Privilege-Escalation-Exploit-CVE-2016-1240.txt"
}
],
"release_date": "2016-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-03-07T19:06:40+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.src",
"6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0455"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.src",
"6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: unsafe chown of catalina.log in tomcat init script allows privilege escalation"
},
{
"cve": "CVE-2016-3092",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2016-06-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1349468"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Usage of vulnerable FileUpload package can result in denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.src",
"6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-3092"
},
{
"category": "external",
"summary": "RHBZ#1349468",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1349468"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-3092",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3092"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-3092",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3092"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-7.html",
"url": "http://tomcat.apache.org/security-7.html"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-8.html",
"url": "http://tomcat.apache.org/security-8.html"
}
],
"release_date": "2016-06-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-03-07T19:06:40+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.src",
"6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0455"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"6Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.src",
"6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Usage of vulnerable FileUpload package can result in denial of service"
},
{
"cve": "CVE-2016-5018",
"discovery_date": "2016-10-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1390525"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that a malicious web application could bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: security manager bypass via IntrospectHelper utility function",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.src",
"6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5018"
},
{
"category": "external",
"summary": "RHBZ#1390525",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1390525"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5018",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5018"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5018",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5018"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47",
"url": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72",
"url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37"
}
],
"release_date": "2016-10-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-03-07T19:06:40+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.src",
"6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0455"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"6Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.src",
"6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: security manager bypass via IntrospectHelper utility function"
},
{
"acknowledgments": [
{
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2016-6325",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2016-08-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1367447"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: tomcat writable config files allow privilege escalation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.src",
"6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-6325"
},
{
"category": "external",
"summary": "RHBZ#1367447",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1367447"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-6325",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-6325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6325"
}
],
"release_date": "2016-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-03-07T19:06:40+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.src",
"6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0455"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.src",
"6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: tomcat writable config files allow privilege escalation"
},
{
"cve": "CVE-2016-6794",
"discovery_date": "2016-10-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1390520"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that when a SecurityManager was configured, Tomcat\u0027s system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: system property disclosure",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.src",
"6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-6794"
},
{
"category": "external",
"summary": "RHBZ#1390520",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1390520"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-6794",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6794"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-6794",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6794"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47",
"url": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72",
"url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37"
}
],
"release_date": "2016-10-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-03-07T19:06:40+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.src",
"6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0455"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"6Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.src",
"6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: system property disclosure"
},
{
"cve": "CVE-2016-6796",
"discovery_date": "2016-10-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1390515"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that a malicious web application could bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: security manager bypass via JSP Servlet config parameters",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.src",
"6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-6796"
},
{
"category": "external",
"summary": "RHBZ#1390515",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1390515"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-6796",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6796"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-6796",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6796"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47",
"url": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72",
"url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37"
}
],
"release_date": "2016-10-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-03-07T19:06:40+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.src",
"6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0455"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"6Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.src",
"6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: security manager bypass via JSP Servlet config parameters"
},
{
"cve": "CVE-2016-6797",
"discovery_date": "2016-10-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1390493"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: unrestricted access to global resources",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.src",
"6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-6797"
},
{
"category": "external",
"summary": "RHBZ#1390493",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1390493"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-6797",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6797"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-6797",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6797"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47",
"url": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72",
"url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37"
}
],
"release_date": "2016-10-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-03-07T19:06:40+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.src",
"6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0455"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"6Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.src",
"6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: unrestricted access to global resources"
},
{
"cve": "CVE-2016-6816",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2016-11-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1397484"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Applying the fix provided to mitigate this issue may cause Tomcat to return 400 status after updating. For more information, refer to https://access.redhat.com/solutions/2891171",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.src",
"6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-6816"
},
{
"category": "external",
"summary": "RHBZ#1397484",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1397484"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-6816",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6816"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-6816",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6816"
},
{
"category": "external",
"summary": "https://access.redhat.com/articles/2991951",
"url": "https://access.redhat.com/articles/2991951"
},
{
"category": "external",
"summary": "https://access.redhat.com/solutions/2891171",
"url": "https://access.redhat.com/solutions/2891171"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48",
"url": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.73",
"url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.73"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.8",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.8"
}
],
"release_date": "2016-11-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-03-07T19:06:40+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.src",
"6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0455"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"6Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.src",
"6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests"
},
{
"cve": "CVE-2016-8735",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2016-11-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1397485"
}
],
"notes": [
{
"category": "description",
"text": "The JmxRemoteLifecycleListener was not updated to take account of Oracle\u0027s fix for CVE-2016-3427. JMXRemoteLifecycleListener is only included in EWS 2.x and JWS 3.x source distributions. If you deploy a Tomcat instance built from source, using the EWS 2.x, or JWS 3.x distributions, an attacker could use this flaw to launch a remote code execution attack on your deployed instance.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Remote code execution vulnerability in JmxRemoteLifecycleListener",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.src",
"6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-8735"
},
{
"category": "external",
"summary": "RHBZ#1397485",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1397485"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-8735",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8735"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-8735",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8735"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48",
"url": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.73",
"url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.73"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.8",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.8"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2016-11-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-03-07T19:06:40+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.src",
"6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0455"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.src",
"6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-05-12T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: Remote code execution vulnerability in JmxRemoteLifecycleListener"
},
{
"cve": "CVE-2016-8745",
"discovery_date": "2016-12-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1403824"
}
],
"notes": [
{
"category": "description",
"text": "A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: information disclosure due to incorrect Processor sharing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.src",
"6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-8745"
},
{
"category": "external",
"summary": "RHBZ#1403824",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1403824"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-8745",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8745"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-8745",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8745"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.49",
"url": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.49"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.74",
"url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.74"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.40",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.40"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.9",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.9"
}
],
"release_date": "2016-12-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-03-07T19:06:40+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"6Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.src",
"6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0455"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"6Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.src",
"6Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.noarch",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.src",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.i686",
"6Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el6.x86_64",
"6Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.src",
"6Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.i686",
"6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el6.x86_64",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el6.src",
"6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el6.src",
"6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el6.noarch",
"6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el6.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: information disclosure due to incorrect Processor sharing"
}
]
}
RHSA-2017:0456
Vulnerability from csaf_redhat - Published: 2017-03-07 19:06 - Updated: 2026-05-14 22:18Summary
Red Hat Security Advisory: Red Hat JBoss Web Server 3.1.0 security and enhancement update
Severity
Important
Notes
Topic: An update is now available for Red Hat JBoss Web Server 3 for RHEL 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.
This release of Red Hat JBoss Web Server 3.1.0 serves as a replacement for Red Hat JBoss Web Server 3.0.3, and includes enhancements.
Security Fix(es):
* It was reported that the Tomcat init script performed unsafe file handling, which could result in local privilege escalation. (CVE-2016-1240)
* It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges. (CVE-2016-6325)
* The JmxRemoteLifecycleListener was not updated to take account of Oracle's fix for CVE-2016-3427. JMXRemoteLifecycleListener is only included in EWS 2.x and JWS 3.x source distributions. If you deploy a Tomcat instance built from source, using the EWS 2.x, or JWS 3.x distributions, an attacker could use this flaw to launch a remote code execution attack on your deployed instance. (CVE-2016-8735)
* A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long. (CVE-2016-3092)
* It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)
* A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)
* The Realm implementations did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder. (CVE-2016-0762)
* It was discovered that a malicious web application could bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications. (CVE-2016-5018)
* It was discovered that when a SecurityManager is configured Tomcat's system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible. (CVE-2016-6794)
* It was discovered that a malicious web application could bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet. (CVE-2016-6796)
* It was discovered that it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not. (CVE-2016-6797)
The CVE-2016-6325 issue was discovered by Red Hat Product Security.
Enhancement(s):
* This enhancement update adds the Red Hat JBoss Web Server 3.1.0 packages to Red Hat Enterprise Linux 7. These packages provide a number of enhancements over the previous version of Red Hat JBoss Web Server. (JIRA#JWS-268)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
The Realm implementations did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder.
Affected products
Fixed
47 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Low
It was reported that the Tomcat init script performed unsafe file handling, which could result in local privilege escalation.
7.0 (High)
Affected products
Fixed
47 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Important
A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long.
7.5 (High)
Affected products
Fixed
47 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
It was discovered that a malicious web application could bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications.
4.2 (Medium)
Affected products
Fixed
47 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Low
It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges.
7.8 (High)
Affected products
Fixed
47 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Important
It was discovered that when a SecurityManager was configured, Tomcat's system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible.
Affected products
Fixed
47 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Low
It was discovered that a malicious web application could bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet.
4.2 (Medium)
Affected products
Fixed
47 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Low
It was discovered that it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not.
Affected products
Fixed
47 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Low
It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own.
6.5 (Medium)
Affected products
Fixed
47 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
The JmxRemoteLifecycleListener was not updated to take account of Oracle's fix for CVE-2016-3427. JMXRemoteLifecycleListener is only included in EWS 2.x and JWS 3.x source distributions. If you deploy a Tomcat instance built from source, using the EWS 2.x, or JWS 3.x distributions, an attacker could use this flaw to launch a remote code execution attack on your deployed instance.
8.1 (High)
Affected products
Fixed
47 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Important
A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body.
7.5 (High)
Affected products
Fixed
47 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Important
References
76 references
Acknowledgments
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Web Server 3 for RHEL 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 3.1.0 serves as a replacement for Red Hat JBoss Web Server 3.0.3, and includes enhancements.\n\nSecurity Fix(es):\n\n* It was reported that the Tomcat init script performed unsafe file handling, which could result in local privilege escalation. (CVE-2016-1240)\n\n* It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges. (CVE-2016-6325)\n\n* The JmxRemoteLifecycleListener was not updated to take account of Oracle\u0027s fix for CVE-2016-3427. JMXRemoteLifecycleListener is only included in EWS 2.x and JWS 3.x source distributions. If you deploy a Tomcat instance built from source, using the EWS 2.x, or JWS 3.x distributions, an attacker could use this flaw to launch a remote code execution attack on your deployed instance. (CVE-2016-8735)\n\n* A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long. (CVE-2016-3092)\n\n* It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)\n\n* A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)\n\n* The Realm implementations did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder. (CVE-2016-0762)\n\n* It was discovered that a malicious web application could bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications. (CVE-2016-5018)\n\n* It was discovered that when a SecurityManager is configured Tomcat\u0027s system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible. (CVE-2016-6794)\n\n* It was discovered that a malicious web application could bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet. (CVE-2016-6796)\n\n* It was discovered that it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not. (CVE-2016-6797)\n\nThe CVE-2016-6325 issue was discovered by Red Hat Product Security.\n\nEnhancement(s):\n\n* This enhancement update adds the Red Hat JBoss Web Server 3.1.0 packages to Red Hat Enterprise Linux 7. These packages provide a number of enhancements over the previous version of Red Hat JBoss Web Server. (JIRA#JWS-268)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2017:0456",
"url": "https://access.redhat.com/errata/RHSA-2017:0456"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1349468",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1349468"
},
{
"category": "external",
"summary": "1367447",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1367447"
},
{
"category": "external",
"summary": "1376712",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1376712"
},
{
"category": "external",
"summary": "1390493",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1390493"
},
{
"category": "external",
"summary": "1390515",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1390515"
},
{
"category": "external",
"summary": "1390520",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1390520"
},
{
"category": "external",
"summary": "1390525",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1390525"
},
{
"category": "external",
"summary": "1390526",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1390526"
},
{
"category": "external",
"summary": "1397484",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1397484"
},
{
"category": "external",
"summary": "1397485",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1397485"
},
{
"category": "external",
"summary": "1403824",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1403824"
},
{
"category": "external",
"summary": "JWS-268",
"url": "https://issues.redhat.com/browse/JWS-268"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_0456.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Web Server 3.1.0 security and enhancement update",
"tracking": {
"current_release_date": "2026-05-14T22:18:35+00:00",
"generator": {
"date": "2026-05-14T22:18:35+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2017:0456",
"initial_release_date": "2017-03-07T19:06:06+00:00",
"revision_history": [
{
"date": "2017-03-07T19:06:06+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2017-03-07T19:06:06+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-14T22:18:35+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Web Server 3.1 for RHEL 7",
"product": {
"name": "Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Web Server"
},
{
"branches": [
{
"category": "product_version",
"name": "hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"product": {
"name": "hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"product_id": "hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate4-eap6@4.2.23-1.Final_redhat_1.1.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"product": {
"name": "hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"product_id": "hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate4-envers-eap6@4.2.23-1.Final_redhat_1.1.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"product": {
"name": "hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"product_id": "hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate4-c3p0-eap6@4.2.23-1.Final_redhat_1.1.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"product": {
"name": "hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"product_id": "hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate4-core-eap6@4.2.23-1.Final_redhat_1.1.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"product": {
"name": "hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"product_id": "hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate4-entitymanager-eap6@4.2.23-1.Final_redhat_1.1.ep6.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"product": {
"name": "mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"product_id": "mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster@1.3.5-2.Final_redhat_2.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"product": {
"name": "mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"product_id": "mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-tomcat8@1.3.5-2.Final_redhat_2.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"product": {
"name": "mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"product_id": "mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster-tomcat7@1.3.5-2.Final_redhat_2.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch",
"product": {
"name": "jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch",
"product_id": "jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon@1.0.15-1.redhat_2.1.jbcs.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch",
"product": {
"name": "jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch",
"product_id": "jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-runtime@1-3.jbcs.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch",
"product": {
"name": "tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch",
"product_id": "tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-vault@1.0.8-9.Final_redhat_2.1.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch",
"product": {
"name": "tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch",
"product_id": "tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-selinux@7.0.70-16.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch",
"product": {
"name": "tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch",
"product_id": "tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-jsvc@7.0.70-16.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch",
"product": {
"name": "tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch",
"product_id": "tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-docs-webapp@7.0.70-16.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch",
"product": {
"name": "tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch",
"product_id": "tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-servlet-3.0-api@7.0.70-16.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"product": {
"name": "tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"product_id": "tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-el-2.2-api@7.0.70-16.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch",
"product": {
"name": "tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch",
"product_id": "tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-admin-webapps@7.0.70-16.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch",
"product": {
"name": "tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch",
"product_id": "tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-webapps@7.0.70-16.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"product": {
"name": "tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"product_id": "tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-jsp-2.2-api@7.0.70-16.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch",
"product": {
"name": "tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch",
"product_id": "tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-javadoc@7.0.70-16.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-0:7.0.70-16.ep7.el7.noarch",
"product": {
"name": "tomcat7-0:7.0.70-16.ep7.el7.noarch",
"product_id": "tomcat7-0:7.0.70-16.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7@7.0.70-16.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-lib-0:7.0.70-16.ep7.el7.noarch",
"product": {
"name": "tomcat7-lib-0:7.0.70-16.ep7.el7.noarch",
"product_id": "tomcat7-lib-0:7.0.70-16.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-lib@7.0.70-16.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch",
"product": {
"name": "tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch",
"product_id": "tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7-log4j@7.0.70-16.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat8-0:8.0.36-17.ep7.el7.noarch",
"product": {
"name": "tomcat8-0:8.0.36-17.ep7.el7.noarch",
"product_id": "tomcat8-0:8.0.36-17.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8@8.0.36-17.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch",
"product": {
"name": "tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch",
"product_id": "tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8-log4j@8.0.36-17.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch",
"product": {
"name": "tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch",
"product_id": "tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8-admin-webapps@8.0.36-17.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch",
"product": {
"name": "tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch",
"product_id": "tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8-jsvc@8.0.36-17.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch",
"product": {
"name": "tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch",
"product_id": "tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8-servlet-3.1-api@8.0.36-17.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch",
"product": {
"name": "tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch",
"product_id": "tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8-el-2.2-api@8.0.36-17.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch",
"product": {
"name": "tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch",
"product_id": "tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8-docs-webapp@8.0.36-17.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch",
"product": {
"name": "tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch",
"product_id": "tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8-selinux@8.0.36-17.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch",
"product": {
"name": "tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch",
"product_id": "tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8-jsp-2.3-api@8.0.36-17.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch",
"product": {
"name": "tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch",
"product_id": "tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8-webapps@8.0.36-17.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat8-lib-0:8.0.36-17.ep7.el7.noarch",
"product": {
"name": "tomcat8-lib-0:8.0.36-17.ep7.el7.noarch",
"product_id": "tomcat8-lib-0:8.0.36-17.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8-lib@8.0.36-17.ep7.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch",
"product": {
"name": "tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch",
"product_id": "tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8-javadoc@8.0.36-17.ep7.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src",
"product": {
"name": "hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src",
"product_id": "hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/hibernate4-eap6@4.2.23-1.Final_redhat_1.1.ep6.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src",
"product": {
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src",
"product_id": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc@1.0.15-17.redhat_2.jbcs.el7?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src",
"product": {
"name": "mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src",
"product_id": "mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mod_cluster@1.3.5-2.Final_redhat_2.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src",
"product": {
"name": "jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src",
"product_id": "jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon@1.0.15-1.redhat_2.1.jbcs.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src",
"product": {
"name": "tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src",
"product_id": "tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-vault@1.0.8-9.Final_redhat_2.1.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "tomcat7-0:7.0.70-16.ep7.el7.src",
"product": {
"name": "tomcat7-0:7.0.70-16.ep7.el7.src",
"product_id": "tomcat7-0:7.0.70-16.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat7@7.0.70-16.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "tomcat8-0:8.0.36-17.ep7.el7.src",
"product": {
"name": "tomcat8-0:8.0.36-17.ep7.el7.src",
"product_id": "tomcat8-0:8.0.36-17.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat8@8.0.36-17.ep7.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src",
"product": {
"name": "tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src",
"product_id": "tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-native@1.2.8-9.redhat_9.ep7.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo@1.0.15-17.redhat_2.jbcs.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"product": {
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"product_id": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbcs-httpd24-apache-commons-daemon-jsvc@1.0.15-17.redhat_2.jbcs.el7?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"product": {
"name": "tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"product_id": "tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-native@1.2.8-9.redhat_9.ep7.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"product": {
"name": "tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"product_id": "tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat-native-debuginfo@1.2.8-9.redhat_9.ep7.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch"
},
"product_reference": "hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch"
},
"product_reference": "hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch"
},
"product_reference": "hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src"
},
"product_reference": "hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch"
},
"product_reference": "hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch"
},
"product_reference": "hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch"
},
"product_reference": "jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src"
},
"product_reference": "jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src"
},
"product_reference": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64 as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64 as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64"
},
"product_reference": "jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch"
},
"product_reference": "jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch"
},
"product_reference": "mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src"
},
"product_reference": "mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch"
},
"product_reference": "mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch"
},
"product_reference": "mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src"
},
"product_reference": "tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64 as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64"
},
"product_reference": "tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64 as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64"
},
"product_reference": "tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch"
},
"product_reference": "tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src"
},
"product_reference": "tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-0:7.0.70-16.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.noarch"
},
"product_reference": "tomcat7-0:7.0.70-16.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-0:7.0.70-16.ep7.el7.src as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.src"
},
"product_reference": "tomcat7-0:7.0.70-16.ep7.el7.src",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch"
},
"product_reference": "tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch"
},
"product_reference": "tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch"
},
"product_reference": "tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch"
},
"product_reference": "tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch"
},
"product_reference": "tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch"
},
"product_reference": "tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-lib-0:7.0.70-16.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el7.noarch"
},
"product_reference": "tomcat7-lib-0:7.0.70-16.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch"
},
"product_reference": "tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch"
},
"product_reference": "tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch"
},
"product_reference": "tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch"
},
"product_reference": "tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-0:8.0.36-17.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.noarch"
},
"product_reference": "tomcat8-0:8.0.36-17.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-0:8.0.36-17.ep7.el7.src as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.src"
},
"product_reference": "tomcat8-0:8.0.36-17.ep7.el7.src",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch"
},
"product_reference": "tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch"
},
"product_reference": "tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch"
},
"product_reference": "tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch"
},
"product_reference": "tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch"
},
"product_reference": "tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch"
},
"product_reference": "tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-lib-0:8.0.36-17.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el7.noarch"
},
"product_reference": "tomcat8-lib-0:8.0.36-17.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch"
},
"product_reference": "tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch"
},
"product_reference": "tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch"
},
"product_reference": "tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7",
"product_id": "7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch"
},
"product_reference": "tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch",
"relates_to_product_reference": "7Server-JWS-3.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-0762",
"discovery_date": "2016-10-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1390526"
}
],
"notes": [
{
"category": "description",
"text": "The Realm implementations did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: timing attack in Realm implementation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.src",
"7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-0762"
},
{
"category": "external",
"summary": "RHBZ#1390526",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1390526"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-0762",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0762"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-0762",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0762"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47",
"url": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72",
"url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37"
}
],
"release_date": "2016-10-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-03-07T19:06:06+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.src",
"7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0456"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.src",
"7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: timing attack in Realm implementation"
},
{
"cve": "CVE-2016-1240",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2016-09-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1376712"
}
],
"notes": [
{
"category": "description",
"text": "It was reported that the Tomcat init script performed unsafe file handling, which could result in local privilege escalation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: unsafe chown of catalina.log in tomcat init script allows privilege escalation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.src",
"7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-1240"
},
{
"category": "external",
"summary": "RHBZ#1376712",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1376712"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-1240",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1240"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-1240",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1240"
},
{
"category": "external",
"summary": "http://legalhackers.com/advisories/Tomcat-DebPkgs-Root-Privilege-Escalation-Exploit-CVE-2016-1240.txt",
"url": "http://legalhackers.com/advisories/Tomcat-DebPkgs-Root-Privilege-Escalation-Exploit-CVE-2016-1240.txt"
}
],
"release_date": "2016-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-03-07T19:06:06+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.src",
"7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0456"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.src",
"7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: unsafe chown of catalina.log in tomcat init script allows privilege escalation"
},
{
"cve": "CVE-2016-3092",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2016-06-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1349468"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Usage of vulnerable FileUpload package can result in denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.src",
"7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-3092"
},
{
"category": "external",
"summary": "RHBZ#1349468",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1349468"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-3092",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3092"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-3092",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3092"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-7.html",
"url": "http://tomcat.apache.org/security-7.html"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-8.html",
"url": "http://tomcat.apache.org/security-8.html"
}
],
"release_date": "2016-06-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-03-07T19:06:06+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.src",
"7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0456"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"7Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.src",
"7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Usage of vulnerable FileUpload package can result in denial of service"
},
{
"cve": "CVE-2016-5018",
"discovery_date": "2016-10-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1390525"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that a malicious web application could bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: security manager bypass via IntrospectHelper utility function",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.src",
"7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5018"
},
{
"category": "external",
"summary": "RHBZ#1390525",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1390525"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5018",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5018"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5018",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5018"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47",
"url": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72",
"url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37"
}
],
"release_date": "2016-10-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-03-07T19:06:06+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.src",
"7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0456"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.src",
"7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: security manager bypass via IntrospectHelper utility function"
},
{
"acknowledgments": [
{
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2016-6325",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2016-08-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1367447"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: tomcat writable config files allow privilege escalation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.src",
"7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-6325"
},
{
"category": "external",
"summary": "RHBZ#1367447",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1367447"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-6325",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-6325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6325"
}
],
"release_date": "2016-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-03-07T19:06:06+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.src",
"7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0456"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.src",
"7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: tomcat writable config files allow privilege escalation"
},
{
"cve": "CVE-2016-6794",
"discovery_date": "2016-10-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1390520"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that when a SecurityManager was configured, Tomcat\u0027s system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: system property disclosure",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.src",
"7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-6794"
},
{
"category": "external",
"summary": "RHBZ#1390520",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1390520"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-6794",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6794"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-6794",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6794"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47",
"url": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72",
"url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37"
}
],
"release_date": "2016-10-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-03-07T19:06:06+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.src",
"7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0456"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.src",
"7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: system property disclosure"
},
{
"cve": "CVE-2016-6796",
"discovery_date": "2016-10-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1390515"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that a malicious web application could bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: security manager bypass via JSP Servlet config parameters",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.src",
"7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-6796"
},
{
"category": "external",
"summary": "RHBZ#1390515",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1390515"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-6796",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6796"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-6796",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6796"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47",
"url": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72",
"url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37"
}
],
"release_date": "2016-10-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-03-07T19:06:06+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.src",
"7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0456"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.src",
"7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: security manager bypass via JSP Servlet config parameters"
},
{
"cve": "CVE-2016-6797",
"discovery_date": "2016-10-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1390493"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: unrestricted access to global resources",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.src",
"7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-6797"
},
{
"category": "external",
"summary": "RHBZ#1390493",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1390493"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-6797",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6797"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-6797",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6797"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47",
"url": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72",
"url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37"
}
],
"release_date": "2016-10-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-03-07T19:06:06+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.src",
"7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0456"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.src",
"7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: unrestricted access to global resources"
},
{
"cve": "CVE-2016-6816",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2016-11-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1397484"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Applying the fix provided to mitigate this issue may cause Tomcat to return 400 status after updating. For more information, refer to https://access.redhat.com/solutions/2891171",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.src",
"7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-6816"
},
{
"category": "external",
"summary": "RHBZ#1397484",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1397484"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-6816",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6816"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-6816",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6816"
},
{
"category": "external",
"summary": "https://access.redhat.com/articles/2991951",
"url": "https://access.redhat.com/articles/2991951"
},
{
"category": "external",
"summary": "https://access.redhat.com/solutions/2891171",
"url": "https://access.redhat.com/solutions/2891171"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48",
"url": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.73",
"url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.73"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.8",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.8"
}
],
"release_date": "2016-11-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-03-07T19:06:06+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.src",
"7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0456"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.src",
"7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests"
},
{
"cve": "CVE-2016-8735",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2016-11-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1397485"
}
],
"notes": [
{
"category": "description",
"text": "The JmxRemoteLifecycleListener was not updated to take account of Oracle\u0027s fix for CVE-2016-3427. JMXRemoteLifecycleListener is only included in EWS 2.x and JWS 3.x source distributions. If you deploy a Tomcat instance built from source, using the EWS 2.x, or JWS 3.x distributions, an attacker could use this flaw to launch a remote code execution attack on your deployed instance.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Remote code execution vulnerability in JmxRemoteLifecycleListener",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.src",
"7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-8735"
},
{
"category": "external",
"summary": "RHBZ#1397485",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1397485"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-8735",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8735"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-8735",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8735"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48",
"url": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.73",
"url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.73"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.8",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.8"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2016-11-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-03-07T19:06:06+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.src",
"7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0456"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.src",
"7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-05-12T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: Remote code execution vulnerability in JmxRemoteLifecycleListener"
},
{
"cve": "CVE-2016-8745",
"discovery_date": "2016-12-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1403824"
}
],
"notes": [
{
"category": "description",
"text": "A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: information disclosure due to incorrect Processor sharing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.src",
"7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-8745"
},
{
"category": "external",
"summary": "RHBZ#1403824",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1403824"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-8745",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8745"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-8745",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8745"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.49",
"url": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.49"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.74",
"url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.74"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.40",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.40"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.9",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.9"
}
],
"release_date": "2016-12-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-03-07T19:06:06+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted automatically.",
"product_ids": [
"7Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.src",
"7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0456"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-JWS-3.1:hibernate4-c3p0-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-core-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.src",
"7Server-JWS-3.1:hibernate4-entitymanager-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:hibernate4-envers-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.noarch",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.src",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1:1.0.15-17.redhat_2.jbcs.el7.x86_64",
"7Server-JWS-3.1:jbcs-httpd24-runtime-0:1-3.jbcs.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.5-2.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.src",
"7Server-JWS-3.1:tomcat-native-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-9.redhat_9.ep7.el7.x86_64",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-0:7.0.70-16.ep7.el7.src",
"7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-lib-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-16.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-0:8.0.36-17.ep7.el7.src",
"7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-lib-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-17.ep7.el7.noarch",
"7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-17.ep7.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: information disclosure due to incorrect Processor sharing"
}
]
}
RHSA-2017:0457
Vulnerability from csaf_redhat - Published: 2017-03-07 19:05 - Updated: 2026-05-14 22:23Summary
Red Hat Security Advisory: Red Hat JBoss Web Server security and enhancement update
Severity
Important
Notes
Topic: An update is now available for Red Hat JBoss Web Server.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.
This release of Red Hat JBoss Web Server 3.1.0 serves as a replacement for Red Hat JBoss Web Server 3.0.3, and includes enhancements.
Security Fix(es):
* It was reported that the Tomcat init script performed unsafe file handling, which could result in local privilege escalation. (CVE-2016-1240)
* It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges. (CVE-2016-6325)
* The JmxRemoteLifecycleListener was not updated to take account of Oracle's fix for CVE-2016-3427. JMXRemoteLifecycleListener is only included in EWS 2.x and JWS 3.x source distributions. If you deploy a Tomcat instance built from source, using the EWS 2.x, or JWS 3.x distributions, an attacker could use this flaw to launch a remote code execution attack on your deployed instance. (CVE-2016-8735)
* A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long. (CVE-2016-3092)
* It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)
* A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)
* The Realm implementations did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder. (CVE-2016-0762)
* It was discovered that a malicious web application could bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications. (CVE-2016-5018)
* It was discovered that when a SecurityManager is configured Tomcat's system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible. (CVE-2016-6794)
* It was discovered that a malicious web application could bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet. (CVE-2016-6796)
* It was discovered that it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not. (CVE-2016-6797)
The CVE-2016-6325 issue was discovered by Red Hat Product Security.
Enhancement(s):
* This enhancement update adds the Red Hat JBoss Web Server 3.1.0. These packages provide a number of enhancements over the previous version of Red Hat JBoss Web Server.
Users of Red Hat JBoss Web Server are advised to upgrade to these updated packages, which add this enhancement.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
The Realm implementations did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder.
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Web Server 3.1
Red Hat / Red Hat JBoss Web Server
|
cpe:/a:redhat:jboss_enterprise_web_server:3.1
|
— |
Vendor Fix
fix
|
Threats
Impact
Low
It was reported that the Tomcat init script performed unsafe file handling, which could result in local privilege escalation.
7.0 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Web Server 3.1
Red Hat / Red Hat JBoss Web Server
|
cpe:/a:redhat:jboss_enterprise_web_server:3.1
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Web Server 3.1
Red Hat / Red Hat JBoss Web Server
|
cpe:/a:redhat:jboss_enterprise_web_server:3.1
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
It was discovered that a malicious web application could bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications.
4.2 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Web Server 3.1
Red Hat / Red Hat JBoss Web Server
|
cpe:/a:redhat:jboss_enterprise_web_server:3.1
|
— |
Vendor Fix
fix
|
Threats
Impact
Low
It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges.
7.8 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Web Server 3.1
Red Hat / Red Hat JBoss Web Server
|
cpe:/a:redhat:jboss_enterprise_web_server:3.1
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
It was discovered that when a SecurityManager was configured, Tomcat's system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible.
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Web Server 3.1
Red Hat / Red Hat JBoss Web Server
|
cpe:/a:redhat:jboss_enterprise_web_server:3.1
|
— |
Vendor Fix
fix
|
Threats
Impact
Low
It was discovered that a malicious web application could bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet.
4.2 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Web Server 3.1
Red Hat / Red Hat JBoss Web Server
|
cpe:/a:redhat:jboss_enterprise_web_server:3.1
|
— |
Vendor Fix
fix
|
Threats
Impact
Low
It was discovered that it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not.
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Web Server 3.1
Red Hat / Red Hat JBoss Web Server
|
cpe:/a:redhat:jboss_enterprise_web_server:3.1
|
— |
Vendor Fix
fix
|
Threats
Impact
Low
It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Web Server 3.1
Red Hat / Red Hat JBoss Web Server
|
cpe:/a:redhat:jboss_enterprise_web_server:3.1
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
The JmxRemoteLifecycleListener was not updated to take account of Oracle's fix for CVE-2016-3427. JMXRemoteLifecycleListener is only included in EWS 2.x and JWS 3.x source distributions. If you deploy a Tomcat instance built from source, using the EWS 2.x, or JWS 3.x distributions, an attacker could use this flaw to launch a remote code execution attack on your deployed instance.
8.1 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Web Server 3.1
Red Hat / Red Hat JBoss Web Server
|
cpe:/a:redhat:jboss_enterprise_web_server:3.1
|
— |
Vendor Fix
fix
|
Threats
Exploit Status
CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Impact
Important
A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Web Server 3.1
Red Hat / Red Hat JBoss Web Server
|
cpe:/a:redhat:jboss_enterprise_web_server:3.1
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
References
79 references
Acknowledgments
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Web Server.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 3.1.0 serves as a replacement for Red Hat JBoss Web Server 3.0.3, and includes enhancements.\n\nSecurity Fix(es):\n\n* It was reported that the Tomcat init script performed unsafe file handling, which could result in local privilege escalation. (CVE-2016-1240)\n\n* It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges. (CVE-2016-6325)\n\n* The JmxRemoteLifecycleListener was not updated to take account of Oracle\u0027s fix for CVE-2016-3427. JMXRemoteLifecycleListener is only included in EWS 2.x and JWS 3.x source distributions. If you deploy a Tomcat instance built from source, using the EWS 2.x, or JWS 3.x distributions, an attacker could use this flaw to launch a remote code execution attack on your deployed instance. (CVE-2016-8735)\n\n* A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long. (CVE-2016-3092)\n\n* It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)\n\n* A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)\n\n* The Realm implementations did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder. (CVE-2016-0762)\n\n* It was discovered that a malicious web application could bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications. (CVE-2016-5018)\n\n* It was discovered that when a SecurityManager is configured Tomcat\u0027s system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible. (CVE-2016-6794)\n\n* It was discovered that a malicious web application could bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet. (CVE-2016-6796)\n\n* It was discovered that it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not. (CVE-2016-6797)\n\nThe CVE-2016-6325 issue was discovered by Red Hat Product Security.\n\nEnhancement(s):\n\n* This enhancement update adds the Red Hat JBoss Web Server 3.1.0. These packages provide a number of enhancements over the previous version of Red Hat JBoss Web Server.\n\nUsers of Red Hat JBoss Web Server are advised to upgrade to these updated packages, which add this enhancement.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2017:0457",
"url": "https://access.redhat.com/errata/RHSA-2017:0457"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=webserver\u0026version=3.1.0",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=webserver\u0026version=3.1.0"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Web_Server/3/html-single/3.1_Release_Notes/index.html",
"url": "https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Web_Server/3/html-single/3.1_Release_Notes/index.html"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/httpoxy",
"url": "https://access.redhat.com/security/vulnerabilities/httpoxy"
},
{
"category": "external",
"summary": "https://access.redhat.com/solutions/2435491",
"url": "https://access.redhat.com/solutions/2435491"
},
{
"category": "external",
"summary": "1349468",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1349468"
},
{
"category": "external",
"summary": "1367447",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1367447"
},
{
"category": "external",
"summary": "1376712",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1376712"
},
{
"category": "external",
"summary": "1390493",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1390493"
},
{
"category": "external",
"summary": "1390515",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1390515"
},
{
"category": "external",
"summary": "1390520",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1390520"
},
{
"category": "external",
"summary": "1390525",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1390525"
},
{
"category": "external",
"summary": "1390526",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1390526"
},
{
"category": "external",
"summary": "1397484",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1397484"
},
{
"category": "external",
"summary": "1397485",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1397485"
},
{
"category": "external",
"summary": "1403824",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1403824"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_0457.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Web Server security and enhancement update",
"tracking": {
"current_release_date": "2026-05-14T22:23:32+00:00",
"generator": {
"date": "2026-05-14T22:23:32+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2017:0457",
"initial_release_date": "2017-03-07T19:05:59+00:00",
"revision_history": [
{
"date": "2017-03-07T19:05:59+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2017-03-07T19:05:59+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-14T22:23:32+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Web Server 3.1",
"product": {
"name": "Red Hat JBoss Web Server 3.1",
"product_id": "Red Hat JBoss Web Server 3.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3.1"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Web Server"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-0762",
"discovery_date": "2016-10-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1390526"
}
],
"notes": [
{
"category": "description",
"text": "The Realm implementations did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: timing attack in Realm implementation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 3.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-0762"
},
{
"category": "external",
"summary": "RHBZ#1390526",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1390526"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-0762",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0762"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-0762",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0762"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47",
"url": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72",
"url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37"
}
],
"release_date": "2016-10-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-03-07T19:05:59+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat JBoss Web Server 3.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0457"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat JBoss Web Server 3.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: timing attack in Realm implementation"
},
{
"cve": "CVE-2016-1240",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2016-09-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1376712"
}
],
"notes": [
{
"category": "description",
"text": "It was reported that the Tomcat init script performed unsafe file handling, which could result in local privilege escalation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: unsafe chown of catalina.log in tomcat init script allows privilege escalation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 3.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-1240"
},
{
"category": "external",
"summary": "RHBZ#1376712",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1376712"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-1240",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1240"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-1240",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1240"
},
{
"category": "external",
"summary": "http://legalhackers.com/advisories/Tomcat-DebPkgs-Root-Privilege-Escalation-Exploit-CVE-2016-1240.txt",
"url": "http://legalhackers.com/advisories/Tomcat-DebPkgs-Root-Privilege-Escalation-Exploit-CVE-2016-1240.txt"
}
],
"release_date": "2016-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-03-07T19:05:59+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat JBoss Web Server 3.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0457"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"Red Hat JBoss Web Server 3.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: unsafe chown of catalina.log in tomcat init script allows privilege escalation"
},
{
"cve": "CVE-2016-3092",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2016-06-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1349468"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Usage of vulnerable FileUpload package can result in denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 3.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-3092"
},
{
"category": "external",
"summary": "RHBZ#1349468",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1349468"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-3092",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3092"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-3092",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3092"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-7.html",
"url": "http://tomcat.apache.org/security-7.html"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-8.html",
"url": "http://tomcat.apache.org/security-8.html"
}
],
"release_date": "2016-06-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-03-07T19:05:59+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat JBoss Web Server 3.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0457"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Red Hat JBoss Web Server 3.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: Usage of vulnerable FileUpload package can result in denial of service"
},
{
"cve": "CVE-2016-5018",
"discovery_date": "2016-10-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1390525"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that a malicious web application could bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: security manager bypass via IntrospectHelper utility function",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 3.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5018"
},
{
"category": "external",
"summary": "RHBZ#1390525",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1390525"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5018",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5018"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5018",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5018"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47",
"url": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72",
"url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37"
}
],
"release_date": "2016-10-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-03-07T19:05:59+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat JBoss Web Server 3.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0457"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"Red Hat JBoss Web Server 3.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: security manager bypass via IntrospectHelper utility function"
},
{
"acknowledgments": [
{
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2016-6325",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2016-08-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1367447"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: tomcat writable config files allow privilege escalation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 3.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-6325"
},
{
"category": "external",
"summary": "RHBZ#1367447",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1367447"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-6325",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6325"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-6325",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6325"
}
],
"release_date": "2016-10-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-03-07T19:05:59+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat JBoss Web Server 3.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0457"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"Red Hat JBoss Web Server 3.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: tomcat writable config files allow privilege escalation"
},
{
"cve": "CVE-2016-6794",
"discovery_date": "2016-10-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1390520"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that when a SecurityManager was configured, Tomcat\u0027s system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: system property disclosure",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 3.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-6794"
},
{
"category": "external",
"summary": "RHBZ#1390520",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1390520"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-6794",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6794"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-6794",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6794"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47",
"url": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72",
"url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37"
}
],
"release_date": "2016-10-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-03-07T19:05:59+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat JBoss Web Server 3.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0457"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat JBoss Web Server 3.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: system property disclosure"
},
{
"cve": "CVE-2016-6796",
"discovery_date": "2016-10-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1390515"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that a malicious web application could bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: security manager bypass via JSP Servlet config parameters",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 3.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-6796"
},
{
"category": "external",
"summary": "RHBZ#1390515",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1390515"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-6796",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6796"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-6796",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6796"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47",
"url": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72",
"url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37"
}
],
"release_date": "2016-10-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-03-07T19:05:59+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat JBoss Web Server 3.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0457"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"Red Hat JBoss Web Server 3.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: security manager bypass via JSP Servlet config parameters"
},
{
"cve": "CVE-2016-6797",
"discovery_date": "2016-10-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1390493"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: unrestricted access to global resources",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 3.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-6797"
},
{
"category": "external",
"summary": "RHBZ#1390493",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1390493"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-6797",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6797"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-6797",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6797"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47",
"url": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72",
"url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37"
}
],
"release_date": "2016-10-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-03-07T19:05:59+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat JBoss Web Server 3.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0457"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat JBoss Web Server 3.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: unrestricted access to global resources"
},
{
"cve": "CVE-2016-6816",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2016-11-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1397484"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Applying the fix provided to mitigate this issue may cause Tomcat to return 400 status after updating. For more information, refer to https://access.redhat.com/solutions/2891171",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 3.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-6816"
},
{
"category": "external",
"summary": "RHBZ#1397484",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1397484"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-6816",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6816"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-6816",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6816"
},
{
"category": "external",
"summary": "https://access.redhat.com/articles/2991951",
"url": "https://access.redhat.com/articles/2991951"
},
{
"category": "external",
"summary": "https://access.redhat.com/solutions/2891171",
"url": "https://access.redhat.com/solutions/2891171"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48",
"url": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.73",
"url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.73"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.8",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.8"
}
],
"release_date": "2016-11-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-03-07T19:05:59+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat JBoss Web Server 3.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0457"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"Red Hat JBoss Web Server 3.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests"
},
{
"cve": "CVE-2016-8735",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2016-11-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1397485"
}
],
"notes": [
{
"category": "description",
"text": "The JmxRemoteLifecycleListener was not updated to take account of Oracle\u0027s fix for CVE-2016-3427. JMXRemoteLifecycleListener is only included in EWS 2.x and JWS 3.x source distributions. If you deploy a Tomcat instance built from source, using the EWS 2.x, or JWS 3.x distributions, an attacker could use this flaw to launch a remote code execution attack on your deployed instance.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Remote code execution vulnerability in JmxRemoteLifecycleListener",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 3.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-8735"
},
{
"category": "external",
"summary": "RHBZ#1397485",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1397485"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-8735",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8735"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-8735",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8735"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48",
"url": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.73",
"url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.73"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.8",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.8"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2016-11-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-03-07T19:05:59+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat JBoss Web Server 3.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0457"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"Red Hat JBoss Web Server 3.1"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2023-05-12T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: Remote code execution vulnerability in JmxRemoteLifecycleListener"
},
{
"cve": "CVE-2016-8745",
"discovery_date": "2016-12-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1403824"
}
],
"notes": [
{
"category": "description",
"text": "A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: information disclosure due to incorrect Processor sharing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Web Server 3.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-8745"
},
{
"category": "external",
"summary": "RHBZ#1403824",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1403824"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-8745",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8745"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-8745",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8745"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.49",
"url": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.49"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.74",
"url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.74"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.40",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.40"
},
{
"category": "external",
"summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.9",
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.9"
}
],
"release_date": "2016-12-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-03-07T19:05:59+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat JBoss Web Server 3.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:0457"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat JBoss Web Server 3.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat: information disclosure due to incorrect Processor sharing"
}
]
}
SUSE-SU-2016:2188-1
Vulnerability from csaf_suse - Published: 2016-08-30 07:49 - Updated: 2016-08-30 07:49Summary
Security update for tomcat
Severity
Moderate
Notes
Title of the patch: Security update for tomcat
Description of the patch:
This update for tomcat fixes the following issues:
- CVE-2016-3092: Usage of vulnerable FileUpload package can result in denial of service. (bsc#986359)
- CVE-2016-5388: Setting HTTP_PROXY environment variable via Proxy header. (bsc#988489)
Patchnames: SUSE-SLE-SERVER-12-SP1-2016-1293
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:tomcat-8.0.32-8.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:tomcat-admin-webapps-8.0.32-8.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:tomcat-docs-webapp-8.0.32-8.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:tomcat-el-3_0-api-8.0.32-8.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:tomcat-javadoc-8.0.32-8.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:tomcat-jsp-2_3-api-8.0.32-8.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:tomcat-lib-8.0.32-8.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:tomcat-servlet-3_1-api-8.0.32-8.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:tomcat-webapps-8.0.32-8.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-8.0.32-8.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-admin-webapps-8.0.32-8.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-docs-webapp-8.0.32-8.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-el-3_0-api-8.0.32-8.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-javadoc-8.0.32-8.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-jsp-2_3-api-8.0.32-8.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-lib-8.0.32-8.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-servlet-3_1-api-8.0.32-8.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-webapps-8.0.32-8.7.noarch | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:tomcat-8.0.32-8.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:tomcat-admin-webapps-8.0.32-8.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:tomcat-docs-webapp-8.0.32-8.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:tomcat-el-3_0-api-8.0.32-8.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:tomcat-javadoc-8.0.32-8.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:tomcat-jsp-2_3-api-8.0.32-8.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:tomcat-lib-8.0.32-8.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:tomcat-servlet-3_1-api-8.0.32-8.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1:tomcat-webapps-8.0.32-8.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-8.0.32-8.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-admin-webapps-8.0.32-8.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-docs-webapp-8.0.32-8.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-el-3_0-api-8.0.32-8.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-javadoc-8.0.32-8.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-jsp-2_3-api-8.0.32-8.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-lib-8.0.32-8.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-servlet-3_1-api-8.0.32-8.7.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-webapps-8.0.32-8.7.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
References
22 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for tomcat",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for tomcat fixes the following issues:\n\n- CVE-2016-3092: Usage of vulnerable FileUpload package can result in denial of service. (bsc#986359)\n- CVE-2016-5388: Setting HTTP_PROXY environment variable via Proxy header. (bsc#988489)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-SERVER-12-SP1-2016-1293",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_2188-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2016:2188-1",
"url": "https://www.suse.com/support/update/announcement/2016/suse-su-20162188-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2016:2188-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2016-August/002240.html"
},
{
"category": "self",
"summary": "SUSE Bug 986359",
"url": "https://bugzilla.suse.com/986359"
},
{
"category": "self",
"summary": "SUSE Bug 988489",
"url": "https://bugzilla.suse.com/988489"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-3092 page",
"url": "https://www.suse.com/security/cve/CVE-2016-3092/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5388 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5388/"
}
],
"title": "Security update for tomcat",
"tracking": {
"current_release_date": "2016-08-30T07:49:43Z",
"generator": {
"date": "2016-08-30T07:49:43Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2016:2188-1",
"initial_release_date": "2016-08-30T07:49:43Z",
"revision_history": [
{
"date": "2016-08-30T07:49:43Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "tomcat-8.0.32-8.7.noarch",
"product": {
"name": "tomcat-8.0.32-8.7.noarch",
"product_id": "tomcat-8.0.32-8.7.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-admin-webapps-8.0.32-8.7.noarch",
"product": {
"name": "tomcat-admin-webapps-8.0.32-8.7.noarch",
"product_id": "tomcat-admin-webapps-8.0.32-8.7.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-docs-webapp-8.0.32-8.7.noarch",
"product": {
"name": "tomcat-docs-webapp-8.0.32-8.7.noarch",
"product_id": "tomcat-docs-webapp-8.0.32-8.7.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-el-3_0-api-8.0.32-8.7.noarch",
"product": {
"name": "tomcat-el-3_0-api-8.0.32-8.7.noarch",
"product_id": "tomcat-el-3_0-api-8.0.32-8.7.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-javadoc-8.0.32-8.7.noarch",
"product": {
"name": "tomcat-javadoc-8.0.32-8.7.noarch",
"product_id": "tomcat-javadoc-8.0.32-8.7.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-jsp-2_3-api-8.0.32-8.7.noarch",
"product": {
"name": "tomcat-jsp-2_3-api-8.0.32-8.7.noarch",
"product_id": "tomcat-jsp-2_3-api-8.0.32-8.7.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-lib-8.0.32-8.7.noarch",
"product": {
"name": "tomcat-lib-8.0.32-8.7.noarch",
"product_id": "tomcat-lib-8.0.32-8.7.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-servlet-3_1-api-8.0.32-8.7.noarch",
"product": {
"name": "tomcat-servlet-3_1-api-8.0.32-8.7.noarch",
"product_id": "tomcat-servlet-3_1-api-8.0.32-8.7.noarch"
}
},
{
"category": "product_version",
"name": "tomcat-webapps-8.0.32-8.7.noarch",
"product": {
"name": "tomcat-webapps-8.0.32-8.7.noarch",
"product_id": "tomcat-webapps-8.0.32-8.7.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-8.0.32-8.7.noarch as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:tomcat-8.0.32-8.7.noarch"
},
"product_reference": "tomcat-8.0.32-8.7.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-8.0.32-8.7.noarch as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:tomcat-admin-webapps-8.0.32-8.7.noarch"
},
"product_reference": "tomcat-admin-webapps-8.0.32-8.7.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-8.0.32-8.7.noarch as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:tomcat-docs-webapp-8.0.32-8.7.noarch"
},
"product_reference": "tomcat-docs-webapp-8.0.32-8.7.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-8.0.32-8.7.noarch as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:tomcat-el-3_0-api-8.0.32-8.7.noarch"
},
"product_reference": "tomcat-el-3_0-api-8.0.32-8.7.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-8.0.32-8.7.noarch as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:tomcat-javadoc-8.0.32-8.7.noarch"
},
"product_reference": "tomcat-javadoc-8.0.32-8.7.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-8.0.32-8.7.noarch as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:tomcat-jsp-2_3-api-8.0.32-8.7.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-8.0.32-8.7.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-8.0.32-8.7.noarch as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:tomcat-lib-8.0.32-8.7.noarch"
},
"product_reference": "tomcat-lib-8.0.32-8.7.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-3_1-api-8.0.32-8.7.noarch as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:tomcat-servlet-3_1-api-8.0.32-8.7.noarch"
},
"product_reference": "tomcat-servlet-3_1-api-8.0.32-8.7.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-8.0.32-8.7.noarch as component of SUSE Linux Enterprise Server 12 SP1",
"product_id": "SUSE Linux Enterprise Server 12 SP1:tomcat-webapps-8.0.32-8.7.noarch"
},
"product_reference": "tomcat-webapps-8.0.32-8.7.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-8.0.32-8.7.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-8.0.32-8.7.noarch"
},
"product_reference": "tomcat-8.0.32-8.7.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-admin-webapps-8.0.32-8.7.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-admin-webapps-8.0.32-8.7.noarch"
},
"product_reference": "tomcat-admin-webapps-8.0.32-8.7.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-docs-webapp-8.0.32-8.7.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-docs-webapp-8.0.32-8.7.noarch"
},
"product_reference": "tomcat-docs-webapp-8.0.32-8.7.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-el-3_0-api-8.0.32-8.7.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-el-3_0-api-8.0.32-8.7.noarch"
},
"product_reference": "tomcat-el-3_0-api-8.0.32-8.7.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-javadoc-8.0.32-8.7.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-javadoc-8.0.32-8.7.noarch"
},
"product_reference": "tomcat-javadoc-8.0.32-8.7.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-jsp-2_3-api-8.0.32-8.7.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-jsp-2_3-api-8.0.32-8.7.noarch"
},
"product_reference": "tomcat-jsp-2_3-api-8.0.32-8.7.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-lib-8.0.32-8.7.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-lib-8.0.32-8.7.noarch"
},
"product_reference": "tomcat-lib-8.0.32-8.7.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-servlet-3_1-api-8.0.32-8.7.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-servlet-3_1-api-8.0.32-8.7.noarch"
},
"product_reference": "tomcat-servlet-3_1-api-8.0.32-8.7.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat-webapps-8.0.32-8.7.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-webapps-8.0.32-8.7.noarch"
},
"product_reference": "tomcat-webapps-8.0.32-8.7.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-3092",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-3092"
}
],
"notes": [
{
"category": "general",
"text": "The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1:tomcat-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server 12 SP1:tomcat-admin-webapps-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server 12 SP1:tomcat-docs-webapp-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server 12 SP1:tomcat-el-3_0-api-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server 12 SP1:tomcat-javadoc-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server 12 SP1:tomcat-jsp-2_3-api-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server 12 SP1:tomcat-lib-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server 12 SP1:tomcat-servlet-3_1-api-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server 12 SP1:tomcat-webapps-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-admin-webapps-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-docs-webapp-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-el-3_0-api-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-javadoc-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-jsp-2_3-api-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-lib-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-servlet-3_1-api-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-webapps-8.0.32-8.7.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-3092",
"url": "https://www.suse.com/security/cve/CVE-2016-3092"
},
{
"category": "external",
"summary": "SUSE Bug 1068865 for CVE-2016-3092",
"url": "https://bugzilla.suse.com/1068865"
},
{
"category": "external",
"summary": "SUSE Bug 986359 for CVE-2016-3092",
"url": "https://bugzilla.suse.com/986359"
},
{
"category": "external",
"summary": "SUSE Bug 988489 for CVE-2016-3092",
"url": "https://bugzilla.suse.com/988489"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1:tomcat-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server 12 SP1:tomcat-admin-webapps-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server 12 SP1:tomcat-docs-webapp-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server 12 SP1:tomcat-el-3_0-api-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server 12 SP1:tomcat-javadoc-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server 12 SP1:tomcat-jsp-2_3-api-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server 12 SP1:tomcat-lib-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server 12 SP1:tomcat-servlet-3_1-api-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server 12 SP1:tomcat-webapps-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-admin-webapps-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-docs-webapp-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-el-3_0-api-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-javadoc-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-jsp-2_3-api-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-lib-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-servlet-3_1-api-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-webapps-8.0.32-8.7.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1:tomcat-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server 12 SP1:tomcat-admin-webapps-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server 12 SP1:tomcat-docs-webapp-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server 12 SP1:tomcat-el-3_0-api-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server 12 SP1:tomcat-javadoc-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server 12 SP1:tomcat-jsp-2_3-api-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server 12 SP1:tomcat-lib-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server 12 SP1:tomcat-servlet-3_1-api-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server 12 SP1:tomcat-webapps-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-admin-webapps-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-docs-webapp-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-el-3_0-api-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-javadoc-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-jsp-2_3-api-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-lib-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-servlet-3_1-api-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-webapps-8.0.32-8.7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-08-30T07:49:43Z",
"details": "important"
}
],
"title": "CVE-2016-3092"
},
{
"cve": "CVE-2016-5388",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5388"
}
],
"notes": [
{
"category": "general",
"text": "Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application\u0027s outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \"httpoxy\" issue. NOTE: the vendor states \"A mitigation is planned for future releases of Tomcat, tracked as CVE-2016-5388\"; in other words, this is not a CVE ID for a vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1:tomcat-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server 12 SP1:tomcat-admin-webapps-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server 12 SP1:tomcat-docs-webapp-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server 12 SP1:tomcat-el-3_0-api-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server 12 SP1:tomcat-javadoc-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server 12 SP1:tomcat-jsp-2_3-api-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server 12 SP1:tomcat-lib-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server 12 SP1:tomcat-servlet-3_1-api-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server 12 SP1:tomcat-webapps-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-admin-webapps-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-docs-webapp-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-el-3_0-api-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-javadoc-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-jsp-2_3-api-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-lib-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-servlet-3_1-api-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-webapps-8.0.32-8.7.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5388",
"url": "https://www.suse.com/security/cve/CVE-2016-5388"
},
{
"category": "external",
"summary": "SUSE Bug 988484 for CVE-2016-5388",
"url": "https://bugzilla.suse.com/988484"
},
{
"category": "external",
"summary": "SUSE Bug 988486 for CVE-2016-5388",
"url": "https://bugzilla.suse.com/988486"
},
{
"category": "external",
"summary": "SUSE Bug 988487 for CVE-2016-5388",
"url": "https://bugzilla.suse.com/988487"
},
{
"category": "external",
"summary": "SUSE Bug 988488 for CVE-2016-5388",
"url": "https://bugzilla.suse.com/988488"
},
{
"category": "external",
"summary": "SUSE Bug 988489 for CVE-2016-5388",
"url": "https://bugzilla.suse.com/988489"
},
{
"category": "external",
"summary": "SUSE Bug 988491 for CVE-2016-5388",
"url": "https://bugzilla.suse.com/988491"
},
{
"category": "external",
"summary": "SUSE Bug 988492 for CVE-2016-5388",
"url": "https://bugzilla.suse.com/988492"
},
{
"category": "external",
"summary": "SUSE Bug 989125 for CVE-2016-5388",
"url": "https://bugzilla.suse.com/989125"
},
{
"category": "external",
"summary": "SUSE Bug 989174 for CVE-2016-5388",
"url": "https://bugzilla.suse.com/989174"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1:tomcat-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server 12 SP1:tomcat-admin-webapps-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server 12 SP1:tomcat-docs-webapp-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server 12 SP1:tomcat-el-3_0-api-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server 12 SP1:tomcat-javadoc-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server 12 SP1:tomcat-jsp-2_3-api-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server 12 SP1:tomcat-lib-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server 12 SP1:tomcat-servlet-3_1-api-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server 12 SP1:tomcat-webapps-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-admin-webapps-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-docs-webapp-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-el-3_0-api-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-javadoc-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-jsp-2_3-api-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-lib-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-servlet-3_1-api-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-webapps-8.0.32-8.7.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1:tomcat-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server 12 SP1:tomcat-admin-webapps-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server 12 SP1:tomcat-docs-webapp-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server 12 SP1:tomcat-el-3_0-api-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server 12 SP1:tomcat-javadoc-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server 12 SP1:tomcat-jsp-2_3-api-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server 12 SP1:tomcat-lib-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server 12 SP1:tomcat-servlet-3_1-api-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server 12 SP1:tomcat-webapps-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-admin-webapps-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-docs-webapp-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-el-3_0-api-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-javadoc-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-jsp-2_3-api-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-lib-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-servlet-3_1-api-8.0.32-8.7.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:tomcat-webapps-8.0.32-8.7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2016-08-30T07:49:43Z",
"details": "moderate"
}
],
"title": "CVE-2016-5388"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…