CVE-2008-5515 (GCVE-0-2008-5515)

Vulnerability from cvelistv5 – Published: 2009-06-16 20:26 – Updated: 2024-08-07 10:56

Summary

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://tomcat.apache.org/security-4.html	x_refsource_CONFIRM
	http://marc.info/?l=bugtraq&m=127420533226623&w=2	vendor-advisoryx_refsource_HP
	http://secunia.com/advisories/39317	third-party-advisoryx_refsource_SECUNIA
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://www.vupen.com/english/advisories/2009/1535	vdb-entryx_refsource_VUPEN
	https://www.redhat.com/archives/fedora-package-an…	vendor-advisoryx_refsource_FEDORA
	http://www.debian.org/security/2011/dsa-2207	vendor-advisoryx_refsource_DEBIAN
	http://jvn.jp/en/jp/JVN63832775/index.html	third-party-advisoryx_refsource_JVN
	http://marc.info/?l=bugtraq&m=136485229118404&w=2	vendor-advisoryx_refsource_HP
	http://secunia.com/advisories/37460	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2010/3056	vdb-entryx_refsource_VUPEN
	http://www.vmware.com/security/advisories/VMSA-20…	x_refsource_CONFIRM
	http://secunia.com/advisories/35788	third-party-advisoryx_refsource_SECUNIA
	http://marc.info/?l=bugtraq&m=127420533226623&w=2	vendor-advisoryx_refsource_HP
	http://www.securityfocus.com/archive/1/504202/100…	mailing-listx_refsource_BUGTRAQ
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://www.securityfocus.com/bid/35263	vdb-entryx_refsource_BID
	http://www.vupen.com/english/advisories/2009/1520	vdb-entryx_refsource_VUPEN
	http://secunia.com/advisories/44183	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2009/1856	vdb-entryx_refsource_VUPEN
	http://www.securityfocus.com/archive/1/504170/100…	mailing-listx_refsource_BUGTRAQ
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://www.securityfocus.com/archive/1/507985/100…	mailing-listx_refsource_BUGTRAQ
	http://secunia.com/advisories/42368	third-party-advisoryx_refsource_SECUNIA
	http://tomcat.apache.org/security-6.html	x_refsource_CONFIRM
	http://secunia.com/advisories/35393	third-party-advisoryx_refsource_SECUNIA
	http://support.apple.com/kb/HT4077	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://www.redhat.com/archives/fedora-package-an…	vendor-advisoryx_refsource_FEDORA
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://secunia.com/advisories/35685	third-party-advisoryx_refsource_SECUNIA
	https://www.redhat.com/archives/fedora-package-an…	vendor-advisoryx_refsource_FEDORA
	http://tomcat.apache.org/security-5.html	x_refsource_CONFIRM
	http://www.fujitsu.com/global/support/software/se…	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://marc.info/?l=bugtraq&m=129070310906557&w=2	vendor-advisoryx_refsource_HP
	http://marc.info/?l=bugtraq&m=136485229118404&w=2	vendor-advisoryx_refsource_HP
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://sunsolve.sun.com/search/document.do?assetk…	vendor-advisoryx_refsource_SUNALERT
	http://marc.info/?l=bugtraq&m=129070310906557&w=2	vendor-advisoryx_refsource_HP
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.vupen.com/english/advisories/2009/3316	vdb-entryx_refsource_VUPEN
	https://lists.apache.org/thread.html/29dc6c2b6257…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/06cfb634bc7b…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/c62b0e3a7bf2…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/8dcaf7c3894d…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/r584a714f141…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/rb71997f506c…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/r3aacc40356d…	mailing-listx_refsource_MLIST

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T10:56:46.803Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tomcat.apache.org/security-4.html"
          },
          {
            "name": "HPSBMA02535",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=127420533226623\u0026w=2"
          },
          {
            "name": "39317",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39317"
          },
          {
            "name": "MDVSA-2009:138",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:138"
          },
          {
            "name": "ADV-2009-1535",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1535"
          },
          {
            "name": "FEDORA-2009-11356",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html"
          },
          {
            "name": "DSA-2207",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2207"
          },
          {
            "name": "JVN#63832775",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN63832775/index.html"
          },
          {
            "name": "HPSBUX02860",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2"
          },
          {
            "name": "37460",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37460"
          },
          {
            "name": "ADV-2010-3056",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/3056"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
          },
          {
            "name": "35788",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35788"
          },
          {
            "name": "SSRT100029",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=127420533226623\u0026w=2"
          },
          {
            "name": "20090610 [SECURITY] UPDATED CVE-2008-5515 RequestDispatcher directory traversal vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/504202/100/0/threaded"
          },
          {
            "name": "APPLE-SA-2010-03-29-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
          },
          {
            "name": "35263",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/35263"
          },
          {
            "name": "ADV-2009-1520",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1520"
          },
          {
            "name": "44183",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44183"
          },
          {
            "name": "ADV-2009-1856",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1856"
          },
          {
            "name": "20090608 [SECURITY] CVE-2008-5515 RequestDispatcher directory traversal vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/504170/100/0/threaded"
          },
          {
            "name": "MDVSA-2010:176",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:176"
          },
          {
            "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
          },
          {
            "name": "42368",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42368"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tomcat.apache.org/security-6.html"
          },
          {
            "name": "35393",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35393"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT4077"
          },
          {
            "name": "SUSE-SR:2010:008",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html"
          },
          {
            "name": "FEDORA-2009-11374",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html"
          },
          {
            "name": "oval:org.mitre.oval:def:6445",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6445"
          },
          {
            "name": "35685",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35685"
          },
          {
            "name": "FEDORA-2009-11352",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tomcat.apache.org/security-5.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html"
          },
          {
            "name": "SUSE-SR:2009:012",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
          },
          {
            "name": "HPSBUX02579",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=129070310906557\u0026w=2"
          },
          {
            "name": "SSRT101146",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2"
          },
          {
            "name": "MDVSA-2009:136",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:136"
          },
          {
            "name": "263529",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1"
          },
          {
            "name": "SSRT100203",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=129070310906557\u0026w=2"
          },
          {
            "name": "oval:org.mitre.oval:def:10422",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10422"
          },
          {
            "name": "oval:org.mitre.oval:def:19452",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19452"
          },
          {
            "name": "ADV-2009-3316",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3316"
          },
          {
            "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-06-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-13T16:08:25",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tomcat.apache.org/security-4.html"
        },
        {
          "name": "HPSBMA02535",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=127420533226623\u0026w=2"
        },
        {
          "name": "39317",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39317"
        },
        {
          "name": "MDVSA-2009:138",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:138"
        },
        {
          "name": "ADV-2009-1535",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1535"
        },
        {
          "name": "FEDORA-2009-11356",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html"
        },
        {
          "name": "DSA-2207",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2207"
        },
        {
          "name": "JVN#63832775",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN63832775/index.html"
        },
        {
          "name": "HPSBUX02860",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2"
        },
        {
          "name": "37460",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37460"
        },
        {
          "name": "ADV-2010-3056",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/3056"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
        },
        {
          "name": "35788",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35788"
        },
        {
          "name": "SSRT100029",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=127420533226623\u0026w=2"
        },
        {
          "name": "20090610 [SECURITY] UPDATED CVE-2008-5515 RequestDispatcher directory traversal vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/504202/100/0/threaded"
        },
        {
          "name": "APPLE-SA-2010-03-29-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
        },
        {
          "name": "35263",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/35263"
        },
        {
          "name": "ADV-2009-1520",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1520"
        },
        {
          "name": "44183",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44183"
        },
        {
          "name": "ADV-2009-1856",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1856"
        },
        {
          "name": "20090608 [SECURITY] CVE-2008-5515 RequestDispatcher directory traversal vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/504170/100/0/threaded"
        },
        {
          "name": "MDVSA-2010:176",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:176"
        },
        {
          "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
        },
        {
          "name": "42368",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42368"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tomcat.apache.org/security-6.html"
        },
        {
          "name": "35393",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35393"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT4077"
        },
        {
          "name": "SUSE-SR:2010:008",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html"
        },
        {
          "name": "FEDORA-2009-11374",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html"
        },
        {
          "name": "oval:org.mitre.oval:def:6445",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6445"
        },
        {
          "name": "35685",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35685"
        },
        {
          "name": "FEDORA-2009-11352",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tomcat.apache.org/security-5.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html"
        },
        {
          "name": "SUSE-SR:2009:012",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
        },
        {
          "name": "HPSBUX02579",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=129070310906557\u0026w=2"
        },
        {
          "name": "SSRT101146",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2"
        },
        {
          "name": "MDVSA-2009:136",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:136"
        },
        {
          "name": "263529",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1"
        },
        {
          "name": "SSRT100203",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=129070310906557\u0026w=2"
        },
        {
          "name": "oval:org.mitre.oval:def:10422",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10422"
        },
        {
          "name": "oval:org.mitre.oval:def:19452",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19452"
        },
        {
          "name": "ADV-2009-3316",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3316"
        },
        {
          "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2008-5515",
    "datePublished": "2009-06-16T20:26:00",
    "dateReserved": "2008-12-12T00:00:00",
    "dateUpdated": "2024-08-07T10:56:46.803Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-5515\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2009-06-16T21:00:00.313\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.\"},{\"lang\":\"es\",\"value\":\"Apache Tomcat desde v4.1.0 hasta v4.1.39,  desde v5.5.0 hasta v5.5.27, desde v6.0.0 hasta v6.0.18, y posiblemente versiones anteriores que normalizan la ruta del directorio objetivo antes de filtrar la cadena de petici\u00f3n cuando se utiliza el m\u00e9todo RequestDispatcher, lo que permitir\u00eda atacantes remotos evitar las restricciones de acceso previstas y que llevar\u00eda a un salto de directorio a trav\u00e9s de secuencias ..(punto punto) y el directorio WEB-INF en una petici\u00f3n.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E300013-0CE7-4313-A553-74A6A247B3E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E08D7414-8D0C-45D6-8E87-679DF0201D55\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB15C5DB-0DBE-4DAD-ACBD-FAE23F768D01\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"60CFD9CA-1878-4C74-A9BD-5D581736E6B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C92F3744-C8F9-4E29-BF1A-25E03A32F2C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"084B3227-FE22-43E3-AE06-7BB257018690\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7DDA1D1-1DB2-4FD6-90A6-7DDE2FDD73F4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D2BFF1D5-2E34-4A01-83A7-6AA3A112A1B2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D536FF4-7582-4351-ABE3-876E20F8E7FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C03E4C9-34E3-42F7-8B73-D3C595FD7EE1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FB43F47F-5BF9-43A0-BF0E-451B4A8F7137\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DFFFE700-AAFE-4F5B-B0E2-C3DA76DE492D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"11DDD82E-5D83-4581-B2F3-F12655BBF817\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A0F0C91-171E-421D-BE86-11567DEFC7BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F22D2621-D305-43CE-B00D-9A7563B061F7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A5D55E8-D3A3-4784-8AC6-CCB07E470AB2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F4245BA-B05C-49DE-B2E0-1E588209ED3B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8633532B-9785-4259-8840-B08529E20DCC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.24:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1D9BD7E-FCC2-404B-A057-1A10997DAFF9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.25:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F935ED72-58F4-49C1-BD9F-5473E0B9D8CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.26:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FADB75DC-8713-4F0C-9F06-30DA6F6EF6B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.27:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2EA52901-2D16-4F7E-BF5E-780B42A55D6A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.28:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A79DA2C-35F3-47DE-909B-8D8D1AE111C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.29:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8BF6952D-6308-4029-8B63-0BD9C648C60F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"94941F86-0BBF-4F30-8F13-FB895A11ED69\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17522878-4266-432A-859D-C02096C8AC0E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"951FFCD7-EAC2-41E6-A53B-F90C540327E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF1F2738-C7D6-4206-9227-43F464887FF5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98EEB6F2-A721-45CF-A856-0E01B043C317\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.35:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"02FDE602-A56A-477E-B704-41AF92EEBB9D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.36:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A28B11A-3BC7-41BC-8970-EE075B029F5C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.37:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4AD3E84C-9A2E-4586-A09E-CBDEB1E7F695\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.38:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6EF54C08-5FF1-4D02-AA16-B13096BD566C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.39:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D8F3B31D-8974-4016-ACAF-E7A917C99F84\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB203AEC-2A94-48CA-A0E0-B5A8EBF028B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E98B82A-22E5-4E6C-90AE-56F5780EA147\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"34672E90-C220-436B-9143-480941227933\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"92883AFA-A02F-41A5-9977-ABEAC8AD2970\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"989A78F8-EE92-465F-8A8D-ECF0B58AFE7A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F5B6627-B4A4-4E2D-B96C-CA37CCC8C804\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ACFB09F3-32D1-479C-8C39-D7329D9A6623\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D56581E2-9ECD-426A-96D8-A9D958900AD2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"717F6995-5AF0-484C-90C0-A82F25FD2E32\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B0C01D5-773F-469C-9E69-170C2844AAA4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB03FDFB-4DBF-4B70-BFA3-570D1DE67695\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F5CF79C-759B-4FF9-90EE-847264059E93\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"357651FD-392E-4775-BF20-37A23B3ABAE4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"585B9476-6B86-4809-9B9E-26112114CB59\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6145036D-4FCE-4EBE-A137-BDFA69BA54F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E437055A-0A81-413F-AB08-0E9D0DC9EA30\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9276A093-9C98-4617-9941-2276995F5848\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97C9C36C-EF7E-4D42-9749-E2FF6CE35A2E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C98575E2-E39A-4A8F-B5B5-BD280B8367BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5BDA08E7-A417-44E8-9C89-EB22BEEC3B9E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DCD1B6BE-CF07-4DA8-A703-4A48506C8AD6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5878E08E-2741-4798-94E9-BA8E07386B12\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"69F6BAB7-C099-4345-A632-7287AEA555B2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3AAF031-D16B-4D51-9581-2D1376A5157B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.24:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51120689-F5C0-4DF1-91AA-314C40A46C58\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.25:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F67477AB-85F6-421C-9C0B-C8EFB1B200CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.26:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16D0C265-2ED9-42CF-A7D6-C7FAE4246A1B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.27:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D70CFD9-B55D-4A29-B94C-D33F3E881A8F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D11D6FB7-CBDB-48C1-98CB-1B3CAA36C5D7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49E3C039-A949-4F1B-892A-57147EECB249\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F28C7801-41B9-4552-BA1E-577967BCBBEE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"25B21085-7259-4685-9D1F-FF98E6489E10\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"635EE321-2A1F-4FF8-95BE-0C26591969D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A81B035-8598-4D2C-B45F-C6C9D4B10C2F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E1096947-82A6-4EA8-A4F2-00D91E3F7DAF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0EBFA1D3-16A6-4041-BB30-51D2EE0F2AF4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B70B372F-EFFD-4AF7-99B5-7D1B23A0C54C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"11951A10-39A2-4FF5-8C43-DF94730FB794\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"351E5BCF-A56B-4D91-BA3C-21A4B77D529A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B6B0504-27C1-4824-A928-A878CBBAB32D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE81AD36-ACD1-4C6C-8E7C-5326D1DA3045\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D903956B-14F5-4177-AF12-0A5F1846D3C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"81F847DC-A2F5-456C-9038-16A0E85F4C3B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF3EBD00-1E1E-452D-AFFB-08A6BD111DDD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6B93A3A-D487-4CA1-8257-26F8FE287B8B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD8802B2-57E0-4AA6-BC8E-00DE60468569\"}]}]}],\"references\":[{\"url\":\"http://jvn.jp/en/jp/JVN63832775/index.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=127420533226623\u0026w=2\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=129070310906557\u0026w=2\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/35393\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/35685\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/35788\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/37460\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/39317\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/42368\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/44183\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://support.apple.com/kb/HT4077\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://tomcat.apache.org/security-4.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://tomcat.apache.org/security-5.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://tomcat.apache.org/security-6.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.debian.org/security/2011/dsa-2207\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2009:136\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2009:138\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2010:176\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/504170/100/0/threaded\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/504202/100/0/threaded\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/507985/100/0/threaded\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/35263\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2009-0016.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/1520\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/1535\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/1856\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/3316\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/3056\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10422\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19452\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6445\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://jvn.jp/en/jp/JVN63832775/index.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=127420533226623\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=129070310906557\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/35393\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/35685\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/35788\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/37460\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/39317\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/42368\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/44183\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.apple.com/kb/HT4077\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://tomcat.apache.org/security-4.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://tomcat.apache.org/security-5.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://tomcat.apache.org/security-6.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.debian.org/security/2011/dsa-2207\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2009:136\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2009:138\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2010:176\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/504170/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/504202/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/507985/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/35263\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2009-0016.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/1520\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/1535\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/1856\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/3316\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/3056\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10422\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19452\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6445\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

RHSA-2010:0602

Vulnerability from csaf_redhat - Published: 2010-08-04 21:30 - Updated: 2026-01-08 09:21

Summary

Red Hat Security Advisory: Red Hat Certificate System 7.3 security update

Notes

Topic

Updated packages that fix multiple security issues and rebase various components are now available for Red Hat Certificate System 7.3. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Details

Red Hat Certificate System (RHCS) is an enterprise software system designed to manage enterprise Public Key Infrastructure (PKI) deployments. Multiple buffer overflow flaws were discovered in the way the pcscd daemon, a resource manager that coordinates communications with smart card readers and smart cards connected to the system, handled client requests. A local user could create a specially-crafted request that would cause the pcscd daemon to crash or, possibly, execute arbitrary code. (CVE-2010-0407, CVE-2009-4901) This erratum updates the Tomcat component shipped as part of Red Hat Certificate System to version 5.5.23, to address multiple security issues. In a typical operating environment, Tomcat is not exposed to users of Certificate System in a vulnerable manner. These security updates will reduce risk in unique Certificate System environments. (CVE-2005-2090, CVE-2005-3510, CVE-2006-3835, CVE-2007-0450, CVE-2007-1358, CVE-2007-3382, CVE-2007-3385, CVE-2007-5461, CVE-2007-5333, CVE-2008-0128, CVE-2008-1232, CVE-2008-2370, CVE-2008-5515, CVE-2009-0033, CVE-2009-0580) This erratum provides updated versions of the following components, required by the updated Tomcat version: ant, avalon-logkit, axis, classpathx-jaf, classpathx-mail, geronimo-specs, jakarta-commons-modeler, log4j, mx4j, xerces-j2, and xml-commons. A number of components have been updated to fix security issues for users of Red Hat Certificate System for the Solaris operating system. These fixes are for apr issue CVE-2009-2412; apr-util issues CVE-2009-0023, CVE-2009-1955, CVE-2009-1956, and CVE-2009-2412; httpd issues CVE-2006-3918, CVE-2006-5752, CVE-2007-1863, CVE-2007-3304, CVE-2007-3847, CVE-2007-4465, CVE-2007-5000, CVE-2007-6388, CVE-2008-0005, CVE-2008-2364, CVE-2008-2939, CVE-2009-1891, CVE-2009-3094, CVE-2009-3095, and CVE-2010-0434; mod_perl issue CVE-2007-1349; and perl issues CVE-2007-5116 and CVE-2008-1927. Note: Updated apr, apr-util, httpd, mod_perl, and perl packages were previously available to users of Red Hat Certificate System for Red Hat Enterprise Linux via the Red Hat Enterprise Linux 4 channels on the Red Hat Network. Additionally, the rhpki-ca, rhpki-kra, rhpki-ocsp, rhpki-tks, rhpki-java-tools, and rhpki-native-tools packages were updated to address some anomalous behavior on the Solaris operating system. (BZ#600513, BZ#605760) As well, this update provides an updated rhpki-manage package, which includes installation and uninstall scripts for Red Hat Certificate System that have been updated with the list of packages required by the Tomcat component, and an updated dependency on the NSS and NSPR packages. All users of Red Hat Certificate System are advised to upgrade to these updated packages, which correct these issues. Refer to the Red Hat Certificate System Administration Guide, linked to in the References, for details on how to install the updated packages on the Solaris operating system. After installing this update, all Red Hat Certificate System subsystems must be restarted ("/etc/init.d/[instance-name] restart") for the update to take effect.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated packages that fix multiple security issues and rebase various\ncomponents are now available for Red Hat Certificate System 7.3.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat Certificate System (RHCS) is an enterprise software system designed\nto manage enterprise Public Key Infrastructure (PKI) deployments.\n\nMultiple buffer overflow flaws were discovered in the way the pcscd daemon,\na resource manager that coordinates communications with smart card readers\nand smart cards connected to the system, handled client requests. A local\nuser could create a specially-crafted request that would cause the pcscd\ndaemon to crash or, possibly, execute arbitrary code. (CVE-2010-0407,\nCVE-2009-4901)\n\nThis erratum updates the Tomcat component shipped as part of Red Hat\nCertificate System to version 5.5.23, to address multiple security issues.\nIn a typical operating environment, Tomcat is not exposed to users of\nCertificate System in a vulnerable manner. These security updates will\nreduce risk in unique Certificate System environments. (CVE-2005-2090,\nCVE-2005-3510, CVE-2006-3835, CVE-2007-0450, CVE-2007-1358, CVE-2007-3382,\nCVE-2007-3385, CVE-2007-5461, CVE-2007-5333, CVE-2008-0128, CVE-2008-1232,\nCVE-2008-2370, CVE-2008-5515, CVE-2009-0033, CVE-2009-0580)\n\nThis erratum provides updated versions of the following components,\nrequired by the updated Tomcat version: ant, avalon-logkit, axis,\nclasspathx-jaf, classpathx-mail, geronimo-specs, jakarta-commons-modeler,\nlog4j, mx4j, xerces-j2, and xml-commons.\n\nA number of components have been updated to fix security issues for users\nof Red Hat Certificate System for the Solaris operating system. These fixes\nare for apr issue CVE-2009-2412; apr-util issues CVE-2009-0023,\nCVE-2009-1955, CVE-2009-1956, and CVE-2009-2412; httpd issues\nCVE-2006-3918, CVE-2006-5752, CVE-2007-1863, CVE-2007-3304, CVE-2007-3847,\nCVE-2007-4465, CVE-2007-5000, CVE-2007-6388, CVE-2008-0005, CVE-2008-2364,\nCVE-2008-2939, CVE-2009-1891, CVE-2009-3094, CVE-2009-3095, and\nCVE-2010-0434; mod_perl issue CVE-2007-1349; and perl issues CVE-2007-5116\nand CVE-2008-1927.\n\nNote: Updated apr, apr-util, httpd, mod_perl, and perl packages were\npreviously available to users of Red Hat Certificate System for Red Hat\nEnterprise Linux via the Red Hat Enterprise Linux 4 channels on the Red Hat\nNetwork.\n\nAdditionally, the rhpki-ca, rhpki-kra, rhpki-ocsp, rhpki-tks,\nrhpki-java-tools, and rhpki-native-tools packages were updated to address\nsome anomalous behavior on the Solaris operating system. (BZ#600513,\nBZ#605760)\n\nAs well, this update provides an updated rhpki-manage package, which\nincludes installation and uninstall scripts for Red Hat Certificate System\nthat have been updated with the list of packages required by the Tomcat\ncomponent, and an updated dependency on the NSS and NSPR packages.\n\nAll users of Red Hat Certificate System are advised to upgrade to these\nupdated packages, which correct these issues. Refer to the Red Hat\nCertificate System Administration Guide, linked to in the References, for\ndetails on how to install the updated packages on the Solaris operating\nsystem. After installing this update, all Red Hat Certificate System\nsubsystems must be restarted (\"/etc/init.d/[instance-name] restart\") for\nthe update to take effect.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2010:0602",
        "url": "https://access.redhat.com/errata/RHSA-2010:0602"
      },
      {
        "category": "external",
        "summary": "http://www.redhat.com/security/updates/classification/#moderate",
        "url": "http://www.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "http://www.redhat.com/docs/manuals/cert-system/7.3/html/Administration_Guide/Administration_Guide-Updating_Certificate_System_Packages-Updating_a_Solaris_9_system_using_pkgrm_and_pkgadd.html",
        "url": "http://www.redhat.com/docs/manuals/cert-system/7.3/html/Administration_Guide/Administration_Guide-Updating_Certificate_System_Packages-Updating_a_Solaris_9_system_using_pkgrm_and_pkgadd.html"
      },
      {
        "category": "external",
        "summary": "200732",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=200732"
      },
      {
        "category": "external",
        "summary": "237079",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237079"
      },
      {
        "category": "external",
        "summary": "237080",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237080"
      },
      {
        "category": "external",
        "summary": "237084",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237084"
      },
      {
        "category": "external",
        "summary": "237085",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237085"
      },
      {
        "category": "external",
        "summary": "240423",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=240423"
      },
      {
        "category": "external",
        "summary": "244658",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=244658"
      },
      {
        "category": "external",
        "summary": "244803",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=244803"
      },
      {
        "category": "external",
        "summary": "245111",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=245111"
      },
      {
        "category": "external",
        "summary": "245112",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=245112"
      },
      {
        "category": "external",
        "summary": "247972",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=247972"
      },
      {
        "category": "external",
        "summary": "247976",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=247976"
      },
      {
        "category": "external",
        "summary": "250731",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=250731"
      },
      {
        "category": "external",
        "summary": "289511",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=289511"
      },
      {
        "category": "external",
        "summary": "323571",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=323571"
      },
      {
        "category": "external",
        "summary": "333791",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=333791"
      },
      {
        "category": "external",
        "summary": "419931",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=419931"
      },
      {
        "category": "external",
        "summary": "427228",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427228"
      },
      {
        "category": "external",
        "summary": "427739",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427739"
      },
      {
        "category": "external",
        "summary": "427766",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427766"
      },
      {
        "category": "external",
        "summary": "429821",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=429821"
      },
      {
        "category": "external",
        "summary": "443928",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=443928"
      },
      {
        "category": "external",
        "summary": "451615",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=451615"
      },
      {
        "category": "external",
        "summary": "457597",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=457597"
      },
      {
        "category": "external",
        "summary": "457934",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=457934"
      },
      {
        "category": "external",
        "summary": "458250",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=458250"
      },
      {
        "category": "external",
        "summary": "493381",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=493381"
      },
      {
        "category": "external",
        "summary": "503928",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503928"
      },
      {
        "category": "external",
        "summary": "503978",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503978"
      },
      {
        "category": "external",
        "summary": "504390",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504390"
      },
      {
        "category": "external",
        "summary": "504555",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504555"
      },
      {
        "category": "external",
        "summary": "504753",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504753"
      },
      {
        "category": "external",
        "summary": "509125",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=509125"
      },
      {
        "category": "external",
        "summary": "515698",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=515698"
      },
      {
        "category": "external",
        "summary": "521619",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=521619"
      },
      {
        "category": "external",
        "summary": "522209",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=522209"
      },
      {
        "category": "external",
        "summary": "570171",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=570171"
      },
      {
        "category": "external",
        "summary": "596426",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=596426"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0602.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Certificate System 7.3 security update",
    "tracking": {
      "current_release_date": "2026-01-08T09:21:24+00:00",
      "generator": {
        "date": "2026-01-08T09:21:24+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.14"
        }
      },
      "id": "RHSA-2010:0602",
      "initial_release_date": "2010-08-04T21:30:00+00:00",
      "revision_history": [
        {
          "date": "2010-08-04T21:30:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2010-08-05T10:04:51+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-01-08T09:21:24+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Certificate System 7.3 for 4AS",
                "product": {
                  "name": "Red Hat Certificate System 7.3 for 4AS",
                  "product_id": "4AS-CERT-7.3",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:certificate_system:7.3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Certificate System 7.3 for 4ES",
                "product": {
                  "name": "Red Hat Certificate System 7.3 for 4ES",
                  "product_id": "4ES-CERT-7.3",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:certificate_system:7.3"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Certificate System"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
                "product": {
                  "name": "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
                  "product_id": "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/xml-commons-apis@1.3.02-2jpp_1rh?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "xml-commons-0:1.3.02-2jpp_1rh.noarch",
                "product": {
                  "name": "xml-commons-0:1.3.02-2jpp_1rh.noarch",
                  "product_id": "xml-commons-0:1.3.02-2jpp_1rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/xml-commons@1.3.02-2jpp_1rh?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "xerces-j2-0:2.7.1-1jpp_1rh.noarch",
                "product": {
                  "name": "xerces-j2-0:2.7.1-1jpp_1rh.noarch",
                  "product_id": "xerces-j2-0:2.7.1-1jpp_1rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/xerces-j2@2.7.1-1jpp_1rh?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ant-0:1.6.5-1jpp_1rh.noarch",
                "product": {
                  "name": "ant-0:1.6.5-1jpp_1rh.noarch",
                  "product_id": "ant-0:1.6.5-1jpp_1rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ant@1.6.5-1jpp_1rh?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "avalon-logkit-0:1.2-2jpp_4rh.noarch",
                "product": {
                  "name": "avalon-logkit-0:1.2-2jpp_4rh.noarch",
                  "product_id": "avalon-logkit-0:1.2-2jpp_4rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/avalon-logkit@1.2-2jpp_4rh?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "axis-0:1.2.1-1jpp_3rh.noarch",
                "product": {
                  "name": "axis-0:1.2.1-1jpp_3rh.noarch",
                  "product_id": "axis-0:1.2.1-1jpp_3rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/axis@1.2.1-1jpp_3rh?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "classpathx-jaf-0:1.0-2jpp_6rh.noarch",
                "product": {
                  "name": "classpathx-jaf-0:1.0-2jpp_6rh.noarch",
                  "product_id": "classpathx-jaf-0:1.0-2jpp_6rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/classpathx-jaf@1.0-2jpp_6rh?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
                "product": {
                  "name": "classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
                  "product_id": "classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/classpathx-mail@1.1.1-2jpp_8rh?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "log4j-0:1.2.12-1jpp_1rh.noarch",
                "product": {
                  "name": "log4j-0:1.2.12-1jpp_1rh.noarch",
                  "product_id": "log4j-0:1.2.12-1jpp_1rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/log4j@1.2.12-1jpp_1rh?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mx4j-1:3.0.1-1jpp_4rh.noarch",
                "product": {
                  "name": "mx4j-1:3.0.1-1jpp_4rh.noarch",
                  "product_id": "mx4j-1:3.0.1-1jpp_4rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mx4j@3.0.1-1jpp_4rh?arch=noarch\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
                "product": {
                  "name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
                  "product_id": "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jakarta-commons-modeler@2.0-3jpp_2rh?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
                "product": {
                  "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
                  "product_id": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp_4rh.16?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
                "product": {
                  "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
                  "product_id": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp_4rh.16?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
                "product": {
                  "name": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
                  "product_id": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp_4rh.16?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
                "product": {
                  "name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
                  "product_id": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp_4rh.16?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
                "product": {
                  "name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
                  "product_id": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp_4rh.16?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
                "product": {
                  "name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
                  "product_id": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp_4rh.16?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhpki-manage-0:7.3.0-19.el4.noarch",
                "product": {
                  "name": "rhpki-manage-0:7.3.0-19.el4.noarch",
                  "product_id": "rhpki-manage-0:7.3.0-19.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhpki-manage@7.3.0-19.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhpki-ca-0:7.3.0-20.el4.noarch",
                "product": {
                  "name": "rhpki-ca-0:7.3.0-20.el4.noarch",
                  "product_id": "rhpki-ca-0:7.3.0-20.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhpki-ca@7.3.0-20.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhpki-kra-0:7.3.0-14.el4.noarch",
                "product": {
                  "name": "rhpki-kra-0:7.3.0-14.el4.noarch",
                  "product_id": "rhpki-kra-0:7.3.0-14.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhpki-kra@7.3.0-14.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhpki-tks-0:7.3.0-13.el4.noarch",
                "product": {
                  "name": "rhpki-tks-0:7.3.0-13.el4.noarch",
                  "product_id": "rhpki-tks-0:7.3.0-13.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhpki-tks@7.3.0-13.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhpki-ocsp-0:7.3.0-13.el4.noarch",
                "product": {
                  "name": "rhpki-ocsp-0:7.3.0-13.el4.noarch",
                  "product_id": "rhpki-ocsp-0:7.3.0-13.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhpki-ocsp@7.3.0-13.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhpki-java-tools-0:7.3.0-10.el4.noarch",
                "product": {
                  "name": "rhpki-java-tools-0:7.3.0-10.el4.noarch",
                  "product_id": "rhpki-java-tools-0:7.3.0-10.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhpki-java-tools@7.3.0-10.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
                "product": {
                  "name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
                  "product_id": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/geronimo-specs@1.0-0.M4.1jpp_10rh?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
                "product": {
                  "name": "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
                  "product_id": "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/geronimo-jms-1.1-api@1.0-0.M4.1jpp_10rh?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
                "product": {
                  "name": "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
                  "product_id": "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/geronimo-jta-1.0.1B-api@1.0-0.M4.1jpp_10rh?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
                "product": {
                  "name": "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
                  "product_id": "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/geronimo-j2ee-deployment-1.1-api@1.0-0.M4.1jpp_10rh?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
                "product": {
                  "name": "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
                  "product_id": "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/geronimo-ejb-2.1-api@1.0-0.M4.1jpp_10rh?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
                "product": {
                  "name": "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
                  "product_id": "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/geronimo-servlet-2.4-api@1.0-0.M4.1jpp_10rh?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
                "product": {
                  "name": "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
                  "product_id": "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/geronimo-specs-javadoc@1.0-0.M4.1jpp_10rh?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
                "product": {
                  "name": "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
                  "product_id": "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/geronimo-j2ee-1.4-apis@1.0-0.M4.1jpp_10rh?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
                "product": {
                  "name": "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
                  "product_id": "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/geronimo-j2ee-connector-1.5-api@1.0-0.M4.1jpp_10rh?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
                "product": {
                  "name": "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
                  "product_id": "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/geronimo-jsp-2.0-api@1.0-0.M4.1jpp_10rh?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
                "product": {
                  "name": "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
                  "product_id": "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/geronimo-j2ee-management-1.0-api@1.0-0.M4.1jpp_10rh?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "xml-commons-0:1.3.02-2jpp_1rh.src",
                "product": {
                  "name": "xml-commons-0:1.3.02-2jpp_1rh.src",
                  "product_id": "xml-commons-0:1.3.02-2jpp_1rh.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/xml-commons@1.3.02-2jpp_1rh?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "xerces-j2-0:2.7.1-1jpp_1rh.src",
                "product": {
                  "name": "xerces-j2-0:2.7.1-1jpp_1rh.src",
                  "product_id": "xerces-j2-0:2.7.1-1jpp_1rh.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/xerces-j2@2.7.1-1jpp_1rh?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ant-0:1.6.5-1jpp_1rh.src",
                "product": {
                  "name": "ant-0:1.6.5-1jpp_1rh.src",
                  "product_id": "ant-0:1.6.5-1jpp_1rh.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ant@1.6.5-1jpp_1rh?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "avalon-logkit-0:1.2-2jpp_4rh.src",
                "product": {
                  "name": "avalon-logkit-0:1.2-2jpp_4rh.src",
                  "product_id": "avalon-logkit-0:1.2-2jpp_4rh.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/avalon-logkit@1.2-2jpp_4rh?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "axis-0:1.2.1-1jpp_3rh.src",
                "product": {
                  "name": "axis-0:1.2.1-1jpp_3rh.src",
                  "product_id": "axis-0:1.2.1-1jpp_3rh.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/axis@1.2.1-1jpp_3rh?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "classpathx-jaf-0:1.0-2jpp_6rh.src",
                "product": {
                  "name": "classpathx-jaf-0:1.0-2jpp_6rh.src",
                  "product_id": "classpathx-jaf-0:1.0-2jpp_6rh.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/classpathx-jaf@1.0-2jpp_6rh?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "classpathx-mail-0:1.1.1-2jpp_8rh.src",
                "product": {
                  "name": "classpathx-mail-0:1.1.1-2jpp_8rh.src",
                  "product_id": "classpathx-mail-0:1.1.1-2jpp_8rh.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/classpathx-mail@1.1.1-2jpp_8rh?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "log4j-0:1.2.12-1jpp_1rh.src",
                "product": {
                  "name": "log4j-0:1.2.12-1jpp_1rh.src",
                  "product_id": "log4j-0:1.2.12-1jpp_1rh.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/log4j@1.2.12-1jpp_1rh?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mx4j-1:3.0.1-1jpp_4rh.src",
                "product": {
                  "name": "mx4j-1:3.0.1-1jpp_4rh.src",
                  "product_id": "mx4j-1:3.0.1-1jpp_4rh.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mx4j@3.0.1-1jpp_4rh?arch=src\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
                "product": {
                  "name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
                  "product_id": "jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jakarta-commons-modeler@2.0-3jpp_2rh?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-0:5.5.23-0jpp_4rh.16.src",
                "product": {
                  "name": "tomcat5-0:5.5.23-0jpp_4rh.16.src",
                  "product_id": "tomcat5-0:5.5.23-0jpp_4rh.16.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp_4rh.16?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "pcsc-lite-0:1.3.3-3.el4.src",
                "product": {
                  "name": "pcsc-lite-0:1.3.3-3.el4.src",
                  "product_id": "pcsc-lite-0:1.3.3-3.el4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/pcsc-lite@1.3.3-3.el4?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
                "product": {
                  "name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
                  "product_id": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/geronimo-specs@1.0-0.M4.1jpp_10rh?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rhpki-native-tools-0:7.3.0-6.el4.x86_64",
                "product": {
                  "name": "rhpki-native-tools-0:7.3.0-6.el4.x86_64",
                  "product_id": "rhpki-native-tools-0:7.3.0-6.el4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhpki-native-tools@7.3.0-6.el4?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
                "product": {
                  "name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
                  "product_id": "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/pcsc-lite-debuginfo@1.3.3-3.el4?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
                "product": {
                  "name": "pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
                  "product_id": "pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/pcsc-lite-doc@1.3.3-3.el4?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "pcsc-lite-0:1.3.3-3.el4.x86_64",
                "product": {
                  "name": "pcsc-lite-0:1.3.3-3.el4.x86_64",
                  "product_id": "pcsc-lite-0:1.3.3-3.el4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/pcsc-lite@1.3.3-3.el4?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
                "product": {
                  "name": "pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
                  "product_id": "pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/pcsc-lite-libs@1.3.3-3.el4?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rhpki-native-tools-0:7.3.0-6.el4.i386",
                "product": {
                  "name": "rhpki-native-tools-0:7.3.0-6.el4.i386",
                  "product_id": "rhpki-native-tools-0:7.3.0-6.el4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rhpki-native-tools@7.3.0-6.el4?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
                "product": {
                  "name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
                  "product_id": "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/pcsc-lite-debuginfo@1.3.3-3.el4?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "pcsc-lite-doc-0:1.3.3-3.el4.i386",
                "product": {
                  "name": "pcsc-lite-doc-0:1.3.3-3.el4.i386",
                  "product_id": "pcsc-lite-doc-0:1.3.3-3.el4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/pcsc-lite-doc@1.3.3-3.el4?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "pcsc-lite-0:1.3.3-3.el4.i386",
                "product": {
                  "name": "pcsc-lite-0:1.3.3-3.el4.i386",
                  "product_id": "pcsc-lite-0:1.3.3-3.el4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/pcsc-lite@1.3.3-3.el4?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "pcsc-lite-libs-0:1.3.3-3.el4.i386",
                "product": {
                  "name": "pcsc-lite-libs-0:1.3.3-3.el4.i386",
                  "product_id": "pcsc-lite-libs-0:1.3.3-3.el4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/pcsc-lite-libs@1.3.3-3.el4?arch=i386"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-0:1.6.5-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch"
        },
        "product_reference": "ant-0:1.6.5-1jpp_1rh.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-0:1.6.5-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src"
        },
        "product_reference": "ant-0:1.6.5-1jpp_1rh.src",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "avalon-logkit-0:1.2-2jpp_4rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch"
        },
        "product_reference": "avalon-logkit-0:1.2-2jpp_4rh.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "avalon-logkit-0:1.2-2jpp_4rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src"
        },
        "product_reference": "avalon-logkit-0:1.2-2jpp_4rh.src",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "axis-0:1.2.1-1jpp_3rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch"
        },
        "product_reference": "axis-0:1.2.1-1jpp_3rh.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "axis-0:1.2.1-1jpp_3rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src"
        },
        "product_reference": "axis-0:1.2.1-1jpp_3rh.src",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "classpathx-jaf-0:1.0-2jpp_6rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch"
        },
        "product_reference": "classpathx-jaf-0:1.0-2jpp_6rh.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "classpathx-jaf-0:1.0-2jpp_6rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src"
        },
        "product_reference": "classpathx-jaf-0:1.0-2jpp_6rh.src",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "classpathx-mail-0:1.1.1-2jpp_8rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch"
        },
        "product_reference": "classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "classpathx-mail-0:1.1.1-2jpp_8rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src"
        },
        "product_reference": "classpathx-mail-0:1.1.1-2jpp_8rh.src",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch"
        },
        "product_reference": "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch"
        },
        "product_reference": "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch"
        },
        "product_reference": "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch"
        },
        "product_reference": "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch"
        },
        "product_reference": "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch"
        },
        "product_reference": "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch"
        },
        "product_reference": "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch"
        },
        "product_reference": "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch"
        },
        "product_reference": "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch"
        },
        "product_reference": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src"
        },
        "product_reference": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch"
        },
        "product_reference": "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch"
        },
        "product_reference": "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src"
        },
        "product_reference": "jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "log4j-0:1.2.12-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch"
        },
        "product_reference": "log4j-0:1.2.12-1jpp_1rh.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "log4j-0:1.2.12-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src"
        },
        "product_reference": "log4j-0:1.2.12-1jpp_1rh.src",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mx4j-1:3.0.1-1jpp_4rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch"
        },
        "product_reference": "mx4j-1:3.0.1-1jpp_4rh.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mx4j-1:3.0.1-1jpp_4rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src"
        },
        "product_reference": "mx4j-1:3.0.1-1jpp_4rh.src",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcsc-lite-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386"
        },
        "product_reference": "pcsc-lite-0:1.3.3-3.el4.i386",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcsc-lite-0:1.3.3-3.el4.src as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src"
        },
        "product_reference": "pcsc-lite-0:1.3.3-3.el4.src",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcsc-lite-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64"
        },
        "product_reference": "pcsc-lite-0:1.3.3-3.el4.x86_64",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386"
        },
        "product_reference": "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64"
        },
        "product_reference": "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcsc-lite-doc-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386"
        },
        "product_reference": "pcsc-lite-doc-0:1.3.3-3.el4.i386",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcsc-lite-doc-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64"
        },
        "product_reference": "pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcsc-lite-libs-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386"
        },
        "product_reference": "pcsc-lite-libs-0:1.3.3-3.el4.i386",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcsc-lite-libs-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64"
        },
        "product_reference": "pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhpki-ca-0:7.3.0-20.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch"
        },
        "product_reference": "rhpki-ca-0:7.3.0-20.el4.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhpki-java-tools-0:7.3.0-10.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch"
        },
        "product_reference": "rhpki-java-tools-0:7.3.0-10.el4.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhpki-kra-0:7.3.0-14.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch"
        },
        "product_reference": "rhpki-kra-0:7.3.0-14.el4.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhpki-manage-0:7.3.0-19.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch"
        },
        "product_reference": "rhpki-manage-0:7.3.0-19.el4.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhpki-native-tools-0:7.3.0-6.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386"
        },
        "product_reference": "rhpki-native-tools-0:7.3.0-6.el4.i386",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhpki-native-tools-0:7.3.0-6.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64"
        },
        "product_reference": "rhpki-native-tools-0:7.3.0-6.el4.x86_64",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhpki-ocsp-0:7.3.0-13.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch"
        },
        "product_reference": "rhpki-ocsp-0:7.3.0-13.el4.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhpki-tks-0:7.3.0-13.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch"
        },
        "product_reference": "rhpki-tks-0:7.3.0-13.el4.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch"
        },
        "product_reference": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.5.23-0jpp_4rh.16.src as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src"
        },
        "product_reference": "tomcat5-0:5.5.23-0jpp_4rh.16.src",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch"
        },
        "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch"
        },
        "product_reference": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch"
        },
        "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch"
        },
        "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch"
        },
        "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xerces-j2-0:2.7.1-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch"
        },
        "product_reference": "xerces-j2-0:2.7.1-1jpp_1rh.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xerces-j2-0:2.7.1-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src"
        },
        "product_reference": "xerces-j2-0:2.7.1-1jpp_1rh.src",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xml-commons-0:1.3.02-2jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch"
        },
        "product_reference": "xml-commons-0:1.3.02-2jpp_1rh.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xml-commons-0:1.3.02-2jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src"
        },
        "product_reference": "xml-commons-0:1.3.02-2jpp_1rh.src",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
          "product_id": "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        },
        "product_reference": "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
        "relates_to_product_reference": "4AS-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-0:1.6.5-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch"
        },
        "product_reference": "ant-0:1.6.5-1jpp_1rh.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ant-0:1.6.5-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src"
        },
        "product_reference": "ant-0:1.6.5-1jpp_1rh.src",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "avalon-logkit-0:1.2-2jpp_4rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch"
        },
        "product_reference": "avalon-logkit-0:1.2-2jpp_4rh.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "avalon-logkit-0:1.2-2jpp_4rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src"
        },
        "product_reference": "avalon-logkit-0:1.2-2jpp_4rh.src",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "axis-0:1.2.1-1jpp_3rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch"
        },
        "product_reference": "axis-0:1.2.1-1jpp_3rh.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "axis-0:1.2.1-1jpp_3rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src"
        },
        "product_reference": "axis-0:1.2.1-1jpp_3rh.src",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "classpathx-jaf-0:1.0-2jpp_6rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch"
        },
        "product_reference": "classpathx-jaf-0:1.0-2jpp_6rh.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "classpathx-jaf-0:1.0-2jpp_6rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src"
        },
        "product_reference": "classpathx-jaf-0:1.0-2jpp_6rh.src",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "classpathx-mail-0:1.1.1-2jpp_8rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch"
        },
        "product_reference": "classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "classpathx-mail-0:1.1.1-2jpp_8rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src"
        },
        "product_reference": "classpathx-mail-0:1.1.1-2jpp_8rh.src",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch"
        },
        "product_reference": "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch"
        },
        "product_reference": "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch"
        },
        "product_reference": "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch"
        },
        "product_reference": "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch"
        },
        "product_reference": "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch"
        },
        "product_reference": "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch"
        },
        "product_reference": "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch"
        },
        "product_reference": "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch"
        },
        "product_reference": "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch"
        },
        "product_reference": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src"
        },
        "product_reference": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch"
        },
        "product_reference": "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch"
        },
        "product_reference": "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src"
        },
        "product_reference": "jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "log4j-0:1.2.12-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch"
        },
        "product_reference": "log4j-0:1.2.12-1jpp_1rh.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "log4j-0:1.2.12-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src"
        },
        "product_reference": "log4j-0:1.2.12-1jpp_1rh.src",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mx4j-1:3.0.1-1jpp_4rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch"
        },
        "product_reference": "mx4j-1:3.0.1-1jpp_4rh.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mx4j-1:3.0.1-1jpp_4rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src"
        },
        "product_reference": "mx4j-1:3.0.1-1jpp_4rh.src",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcsc-lite-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386"
        },
        "product_reference": "pcsc-lite-0:1.3.3-3.el4.i386",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcsc-lite-0:1.3.3-3.el4.src as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src"
        },
        "product_reference": "pcsc-lite-0:1.3.3-3.el4.src",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcsc-lite-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64"
        },
        "product_reference": "pcsc-lite-0:1.3.3-3.el4.x86_64",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386"
        },
        "product_reference": "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64"
        },
        "product_reference": "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcsc-lite-doc-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386"
        },
        "product_reference": "pcsc-lite-doc-0:1.3.3-3.el4.i386",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcsc-lite-doc-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64"
        },
        "product_reference": "pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcsc-lite-libs-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386"
        },
        "product_reference": "pcsc-lite-libs-0:1.3.3-3.el4.i386",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "pcsc-lite-libs-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64"
        },
        "product_reference": "pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhpki-ca-0:7.3.0-20.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch"
        },
        "product_reference": "rhpki-ca-0:7.3.0-20.el4.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhpki-java-tools-0:7.3.0-10.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch"
        },
        "product_reference": "rhpki-java-tools-0:7.3.0-10.el4.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhpki-kra-0:7.3.0-14.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch"
        },
        "product_reference": "rhpki-kra-0:7.3.0-14.el4.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhpki-manage-0:7.3.0-19.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch"
        },
        "product_reference": "rhpki-manage-0:7.3.0-19.el4.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhpki-native-tools-0:7.3.0-6.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386"
        },
        "product_reference": "rhpki-native-tools-0:7.3.0-6.el4.i386",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhpki-native-tools-0:7.3.0-6.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64"
        },
        "product_reference": "rhpki-native-tools-0:7.3.0-6.el4.x86_64",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhpki-ocsp-0:7.3.0-13.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch"
        },
        "product_reference": "rhpki-ocsp-0:7.3.0-13.el4.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhpki-tks-0:7.3.0-13.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch"
        },
        "product_reference": "rhpki-tks-0:7.3.0-13.el4.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch"
        },
        "product_reference": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.5.23-0jpp_4rh.16.src as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src"
        },
        "product_reference": "tomcat5-0:5.5.23-0jpp_4rh.16.src",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch"
        },
        "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch"
        },
        "product_reference": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch"
        },
        "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch"
        },
        "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch"
        },
        "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xerces-j2-0:2.7.1-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch"
        },
        "product_reference": "xerces-j2-0:2.7.1-1jpp_1rh.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xerces-j2-0:2.7.1-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src"
        },
        "product_reference": "xerces-j2-0:2.7.1-1jpp_1rh.src",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xml-commons-0:1.3.02-2jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch"
        },
        "product_reference": "xml-commons-0:1.3.02-2jpp_1rh.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xml-commons-0:1.3.02-2jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src"
        },
        "product_reference": "xml-commons-0:1.3.02-2jpp_1rh.src",
        "relates_to_product_reference": "4ES-CERT-7.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
          "product_id": "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        },
        "product_reference": "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
        "relates_to_product_reference": "4ES-CERT-7.3"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2005-2090",
      "discovery_date": "2005-06-06T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "237079"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a \"Transfer-Encoding: chunked\" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka \"HTTP Request Smuggling.\"",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat multiple content-length header poisioning",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2005-2090"
        },
        {
          "category": "external",
          "summary": "RHBZ#237079",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237079"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2005-2090",
          "url": "https://www.cve.org/CVERecord?id=CVE-2005-2090"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-2090",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-2090"
        }
      ],
      "release_date": "2005-06-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "tomcat multiple content-length header poisioning"
    },
    {
      "cve": "CVE-2005-3510",
      "discovery_date": "2005-11-07T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "237085"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat DoS",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2005-3510"
        },
        {
          "category": "external",
          "summary": "RHBZ#237085",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237085"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2005-3510",
          "url": "https://www.cve.org/CVERecord?id=CVE-2005-3510"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-3510",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-3510"
        }
      ],
      "release_date": "2005-11-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "tomcat DoS"
    },
    {
      "cve": "CVE-2006-3835",
      "discovery_date": "2006-07-21T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "237084"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat directory listing issue",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue is not a security issue in Tomcat itself, but is caused when directory listings are enabled.\n\nDetails on how to disable directory listings are available at: http://tomcat.apache.org/faq/misc.html#listing",
          "title": "Statement"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2006-3835"
        },
        {
          "category": "external",
          "summary": "RHBZ#237084",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237084"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2006-3835",
          "url": "https://www.cve.org/CVERecord?id=CVE-2006-3835"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-3835",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-3835"
        }
      ],
      "release_date": "2006-07-21T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat directory listing issue"
    },
    {
      "cve": "CVE-2006-3918",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2006-07-31T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "200732"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "httpd: Expect header XSS",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2006-3918"
        },
        {
          "category": "external",
          "summary": "RHBZ#200732",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=200732"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2006-3918",
          "url": "https://www.cve.org/CVERecord?id=CVE-2006-3918"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-3918",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-3918"
        }
      ],
      "release_date": "2006-05-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "httpd: Expect header XSS"
    },
    {
      "cve": "CVE-2006-5752",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2007-06-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "245112"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform \"charset detection\" when the content-type is not specified.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "httpd mod_status XSS",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2006-5752"
        },
        {
          "category": "external",
          "summary": "RHBZ#245112",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=245112"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2006-5752",
          "url": "https://www.cve.org/CVERecord?id=CVE-2006-5752"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-5752",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-5752"
        }
      ],
      "release_date": "2007-06-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "httpd mod_status XSS"
    },
    {
      "cve": "CVE-2007-0450",
      "discovery_date": "2007-03-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "237080"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) \"/\" (slash), (2) \"\\\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat directory traversal",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-0450"
        },
        {
          "category": "external",
          "summary": "RHBZ#237080",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=237080"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-0450",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-0450"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-0450",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0450"
        }
      ],
      "release_date": "2007-03-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "tomcat directory traversal"
    },
    {
      "cve": "CVE-2007-1349",
      "discovery_date": "2007-05-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "240423"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "mod_perl PerlRun denial of service",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-1349"
        },
        {
          "category": "external",
          "summary": "RHBZ#240423",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=240423"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-1349",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-1349"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-1349",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1349"
        }
      ],
      "release_date": "2007-03-22T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "mod_perl PerlRun denial of service"
    },
    {
      "cve": "CVE-2007-1358",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2007-04-10T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "244803"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted \"Accept-Language headers that do not conform to RFC 2616\".",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat accept-language xss flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-1358"
        },
        {
          "category": "external",
          "summary": "RHBZ#244803",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=244803"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-1358",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-1358"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-1358",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1358"
        }
      ],
      "release_date": "2007-06-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat accept-language xss flaw"
    },
    {
      "cve": "CVE-2007-1863",
      "discovery_date": "2007-05-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "244658"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "httpd mod_cache segfault",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-1863"
        },
        {
          "category": "external",
          "summary": "RHBZ#244658",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=244658"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-1863",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-1863"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-1863",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1863"
        }
      ],
      "release_date": "2007-05-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "httpd mod_cache segfault"
    },
    {
      "cve": "CVE-2007-3304",
      "discovery_date": "2007-06-19T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "245111"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka \"SIGUSR1 killer.\"",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "httpd scoreboard lack of PID protection",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-3304"
        },
        {
          "category": "external",
          "summary": "RHBZ#245111",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=245111"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-3304",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-3304"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-3304",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3304"
        }
      ],
      "release_date": "2007-06-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "httpd scoreboard lack of PID protection"
    },
    {
      "cve": "CVE-2007-3382",
      "discovery_date": "2007-07-12T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "247972"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes (\"\u0027\") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat handling of cookies",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-3382"
        },
        {
          "category": "external",
          "summary": "RHBZ#247972",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=247972"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-3382",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-3382"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-3382",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3382"
        }
      ],
      "release_date": "2007-08-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat handling of cookies"
    },
    {
      "cve": "CVE-2007-3385",
      "discovery_date": "2007-07-12T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "247976"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \\\" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat handling of cookie values",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-3385"
        },
        {
          "category": "external",
          "summary": "RHBZ#247976",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=247976"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-3385",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-3385"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-3385",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3385"
        }
      ],
      "release_date": "2007-08-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat handling of cookie values"
    },
    {
      "cve": "CVE-2007-3847",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "discovery_date": "2007-08-01T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "250731"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "httpd: out of bounds read",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-3847"
        },
        {
          "category": "external",
          "summary": "RHBZ#250731",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=250731"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-3847",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-3847"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-3847",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3847"
        }
      ],
      "release_date": "2007-08-01T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "httpd: out of bounds read"
    },
    {
      "cve": "CVE-2007-4465",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2007-09-13T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "289511"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "No description is available for this CVE.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "mod_autoindex XSS",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This is actually a flaw in browsers that do not derive the response character set as required by RFC 2616. This does not affect the default configuration of Apache httpd in Red Hat products and will only affect customers who have removed the \"AddDefaultCharset\" directive and are using directory indexes. The Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw.",
          "title": "Statement"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-4465"
        },
        {
          "category": "external",
          "summary": "RHBZ#289511",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=289511"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-4465",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-4465"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-4465",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-4465"
        }
      ],
      "release_date": "2007-09-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "mod_autoindex XSS"
    },
    {
      "cve": "CVE-2007-5000",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2007-12-11T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "419931"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "httpd: mod_imagemap XSS",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-5000"
        },
        {
          "category": "external",
          "summary": "RHBZ#419931",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=419931"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-5000",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-5000"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5000",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5000"
        }
      ],
      "release_date": "2007-12-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "httpd: mod_imagemap XSS"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Tavis Ormandy",
            "Will Drewry"
          ]
        }
      ],
      "cve": "CVE-2007-5116",
      "discovery_date": "2007-09-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "323571"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "perl regular expression UTF parsing errors",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-5116"
        },
        {
          "category": "external",
          "summary": "RHBZ#323571",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=323571"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-5116",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-5116"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5116",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5116"
        }
      ],
      "release_date": "2007-11-05T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "perl regular expression UTF parsing errors"
    },
    {
      "cve": "CVE-2007-5333",
      "discovery_date": "2008-01-07T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "427766"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (\") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.  NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Improve cookie parsing for tomcat5",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-5333\n\nThe Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw.",
          "title": "Statement"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-5333"
        },
        {
          "category": "external",
          "summary": "RHBZ#427766",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427766"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-5333",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-5333"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5333",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5333"
        }
      ],
      "release_date": "2008-02-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "Improve cookie parsing for tomcat5"
    },
    {
      "cve": "CVE-2007-5461",
      "discovery_date": "2007-10-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "333791"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Absolute path traversal Apache Tomcat WEBDAV",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-5461"
        },
        {
          "category": "external",
          "summary": "RHBZ#333791",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=333791"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-5461",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-5461"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5461",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5461"
        }
      ],
      "release_date": "2007-10-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "Absolute path traversal Apache Tomcat WEBDAV"
    },
    {
      "cve": "CVE-2007-6388",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2008-01-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "427228"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "apache mod_status cross-site scripting",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-6388"
        },
        {
          "category": "external",
          "summary": "RHBZ#427228",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427228"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-6388",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-6388"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-6388",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-6388"
        }
      ],
      "release_date": "2007-12-29T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "apache mod_status cross-site scripting"
    },
    {
      "cve": "CVE-2008-0005",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2008-01-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "427739"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "mod_proxy_ftp XSS",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-0005"
        },
        {
          "category": "external",
          "summary": "RHBZ#427739",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427739"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-0005",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-0005"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-0005",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0005"
        }
      ],
      "release_date": "2008-01-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "mod_proxy_ftp XSS"
    },
    {
      "cve": "CVE-2008-0128",
      "discovery_date": "2008-01-23T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "429821"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat5 SSO cookie login information disclosure",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-0128"
        },
        {
          "category": "external",
          "summary": "RHBZ#429821",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=429821"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-0128",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-0128"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-0128",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0128"
        }
      ],
      "release_date": "2006-12-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat5 SSO cookie login information disclosure"
    },
    {
      "cve": "CVE-2008-1232",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2008-08-01T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "457597"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat: Cross-Site-Scripting enabled by sendError call",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-1232"
        },
        {
          "category": "external",
          "summary": "RHBZ#457597",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=457597"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-1232",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-1232"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1232",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1232"
        }
      ],
      "release_date": "2008-08-01T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat: Cross-Site-Scripting enabled by sendError call"
    },
    {
      "cve": "CVE-2008-1927",
      "discovery_date": "2008-04-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "443928"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters.  NOTE: this issue might only be present on certain operating systems.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "perl: heap corruption by regular expressions with utf8 characters",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-1927"
        },
        {
          "category": "external",
          "summary": "RHBZ#443928",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=443928"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-1927",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-1927"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1927",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1927"
        }
      ],
      "release_date": "2007-12-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "perl: heap corruption by regular expressions with utf8 characters"
    },
    {
      "cve": "CVE-2008-2364",
      "discovery_date": "2008-05-29T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "451615"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "httpd: mod_proxy_http DoS via excessive interim responses from the origin server",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-2364\n\nThe Red Hat Product Security has rated this issue as having moderate security impact, a future update may address this flaw. More information regarding issue severity can be found here: https://access.redhat.com/security/updates/classification/",
          "title": "Statement"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-2364"
        },
        {
          "category": "external",
          "summary": "RHBZ#451615",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=451615"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-2364",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-2364"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2364",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2364"
        }
      ],
      "release_date": "2008-06-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "httpd: mod_proxy_http DoS via excessive interim responses from the origin server"
    },
    {
      "cve": "CVE-2008-2370",
      "discovery_date": "2008-08-01T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "457934"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat RequestDispatcher information disclosure vulnerability",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-2370"
        },
        {
          "category": "external",
          "summary": "RHBZ#457934",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=457934"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-2370",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-2370"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2370",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2370"
        }
      ],
      "release_date": "2008-08-01T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "tomcat RequestDispatcher information disclosure vulnerability"
    },
    {
      "cve": "CVE-2008-2939",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2008-08-05T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "458250"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "httpd: mod_proxy_ftp globbing XSS",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-2939"
        },
        {
          "category": "external",
          "summary": "RHBZ#458250",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=458250"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-2939",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-2939"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2939",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2939"
        }
      ],
      "release_date": "2008-08-05T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "httpd: mod_proxy_ftp globbing XSS"
    },
    {
      "cve": "CVE-2008-5515",
      "discovery_date": "2009-06-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "504753"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat request dispatcher information disclosure vulnerability",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-5515"
        },
        {
          "category": "external",
          "summary": "RHBZ#504753",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504753"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-5515",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-5515"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5515",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5515"
        }
      ],
      "release_date": "2009-06-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "tomcat request dispatcher information disclosure vulnerability"
    },
    {
      "cve": "CVE-2009-0023",
      "discovery_date": "2009-06-03T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "503928"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "apr-util heap buffer underwrite",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-0023"
        },
        {
          "category": "external",
          "summary": "RHBZ#503928",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503928"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0023",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-0023"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0023",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0023"
        }
      ],
      "release_date": "2009-06-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "apr-util heap buffer underwrite"
    },
    {
      "cve": "CVE-2009-0033",
      "discovery_date": "2009-01-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "493381"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat6 Denial-Of-Service with AJP connection",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-0033"
        },
        {
          "category": "external",
          "summary": "RHBZ#493381",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=493381"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0033",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-0033"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0033",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0033"
        }
      ],
      "release_date": "2009-06-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "products": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "tomcat6 Denial-Of-Service with AJP connection"
    },
    {
      "cve": "CVE-2009-0580",
      "discovery_date": "2009-06-03T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "503978"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat6 Information disclosure in authentication classes",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-0580"
        },
        {
          "category": "external",
          "summary": "RHBZ#503978",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503978"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0580",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-0580"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0580",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0580"
        }
      ],
      "release_date": "2009-06-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat6 Information disclosure in authentication classes"
    },
    {
      "cve": "CVE-2009-1891",
      "discovery_date": "2009-06-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "509125"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "httpd: possible temporary DoS (CPU consumption) in mod_deflate",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-1891"
        },
        {
          "category": "external",
          "summary": "RHBZ#509125",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=509125"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-1891",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-1891"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1891",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1891"
        }
      ],
      "release_date": "2009-06-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 2.6,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "products": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "httpd: possible temporary DoS (CPU consumption) in mod_deflate"
    },
    {
      "cve": "CVE-2009-1955",
      "discovery_date": "2009-06-01T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "504555"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "apr-util billion laughs attack",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-1955"
        },
        {
          "category": "external",
          "summary": "RHBZ#504555",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504555"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-1955",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-1955"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1955",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1955"
        }
      ],
      "release_date": "2009-06-01T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "products": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "apr-util billion laughs attack"
    },
    {
      "cve": "CVE-2009-1956",
      "discovery_date": "2009-06-05T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "504390"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "apr-util single NULL byte buffer overflow",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-1956"
        },
        {
          "category": "external",
          "summary": "RHBZ#504390",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504390"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-1956",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-1956"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1956",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1956"
        }
      ],
      "release_date": "2009-04-24T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "apr-util single NULL byte buffer overflow"
    },
    {
      "cve": "CVE-2009-2412",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "discovery_date": "2009-07-30T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "515698"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows.  NOTE: some of these details are obtained from third party information.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "apr-util: Integer overflows in memory pool (apr) and relocatable memory (apr-util) management",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-2412"
        },
        {
          "category": "external",
          "summary": "RHBZ#515698",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=515698"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-2412",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-2412"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-2412",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2412"
        }
      ],
      "release_date": "2009-08-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "apr-util: Integer overflows in memory pool (apr) and relocatable memory (apr-util) management"
    },
    {
      "cve": "CVE-2009-3094",
      "discovery_date": "2009-09-04T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "521619"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "httpd: NULL pointer defer in mod_proxy_ftp caused by crafted EPSV and PASV reply",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-3094"
        },
        {
          "category": "external",
          "summary": "RHBZ#521619",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=521619"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3094",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-3094"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3094",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3094"
        }
      ],
      "release_date": "2009-09-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 2.6,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "products": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "httpd: NULL pointer defer in mod_proxy_ftp caused by crafted EPSV and PASV reply"
    },
    {
      "cve": "CVE-2009-3095",
      "discovery_date": "2009-09-03T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "522209"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-3095"
        },
        {
          "category": "external",
          "summary": "RHBZ#522209",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=522209"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3095",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-3095"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3095",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3095"
        }
      ],
      "release_date": "2009-09-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 2.6,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "products": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header"
    },
    {
      "cve": "CVE-2009-4901",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "discovery_date": "2010-05-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "596426"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "No description is available for this CVE.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "pcsc-lite: Privilege escalation via specially-crafted client to PC/SC Smart Card daemon messages",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-4901"
        },
        {
          "category": "external",
          "summary": "RHBZ#596426",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=596426"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-4901",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-4901"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-4901",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4901"
        }
      ],
      "release_date": "2010-06-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "products": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "pcsc-lite: Privilege escalation via specially-crafted client to PC/SC Smart Card daemon messages"
    },
    {
      "cve": "CVE-2010-0407",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "discovery_date": "2010-05-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "596426"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "No description is available for this CVE.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "pcsc-lite: Privilege escalation via specially-crafted client to PC/SC Smart Card daemon messages",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2010-0407"
        },
        {
          "category": "external",
          "summary": "RHBZ#596426",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=596426"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0407",
          "url": "https://www.cve.org/CVERecord?id=CVE-2010-0407"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0407",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0407"
        }
      ],
      "release_date": "2010-06-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "products": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "pcsc-lite: Privilege escalation via specially-crafted client to PC/SC Smart Card daemon messages"
    },
    {
      "cve": "CVE-2010-0434",
      "discovery_date": "2010-03-03T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "570171"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "No description is available for this CVE.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "httpd: request header information leak",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
          "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
          "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
          "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
          "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
          "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
          "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
          "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
          "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
          "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
          "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
          "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
          "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
          "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
          "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
          "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
          "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
          "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
          "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
          "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
          "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2010-0434"
        },
        {
          "category": "external",
          "summary": "RHBZ#570171",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=570171"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2010-0434",
          "url": "https://www.cve.org/CVERecord?id=CVE-2010-0434"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0434",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0434"
        }
      ],
      "release_date": "2009-12-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-08-04T21:30:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0602"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 2.6,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
            "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
            "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
            "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
            "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
            "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
            "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
            "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
            "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
            "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
            "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
            "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
            "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
            "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
            "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
            "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
            "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
            "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
            "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
            "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
            "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "httpd: request header information leak"
    }
  ]
}

RHSA-2009:1143

Vulnerability from csaf_redhat - Published: 2009-07-06 11:42 - Updated: 2025-11-21 17:34

Summary

Red Hat Security Advisory: JBoss Enterprise Application Platform 4.2.0.CP07 update

Notes

Topic

Updated JBoss Enterprise Application Platform (JBEAP) 4.2 packages that fix various issues are now available for Red Hat Enterprise Linux 5 as JBEAP 4.2.0.CP07. This update has been rated as having important security impact by the Red Hat Security Response Team.

Details

JBoss Enterprise Application Platform is the market leading platform for innovative and scalable Java applications; integrating the JBoss Application Server, with JBoss Hibernate and JBoss Seam into a complete, simple enterprise solution. This release of JBEAP for Red Hat Enterprise Linux 5 serves as a replacement to JBEAP 4.2.0.CP06. These updated packages include bug fixes and enhancements which are detailed in the release notes. The link to the release notes is available below in the References section of this errata. The following security issues are also fixed with this release: It was discovered that request dispatchers did not properly normalize user requests that have trailing query strings, allowing remote attackers to send specially-crafted requests that would cause an information leak. (CVE-2008-5515) It was discovered that the error checking methods of certain authentication classes did not have sufficient error checking, allowing remote attackers to enumerate (via brute force methods) usernames registered with applications deployed on JBossWeb when FORM-based authentication was used. (CVE-2009-0580) It was discovered that web applications containing their own XML parsers could replace the XML parser JBossWeb uses to parse configuration files. A malicious web application running on a JBossWeb instance could read or, potentially, modify the configuration and XML-based data of other web applications deployed on the same JBossWeb instance. (CVE-2009-0783) Warning: before applying this update, please back up the JBEAP "server/[configuration]/deploy/" directory, and any other customized configuration files. All users of JBEAP 4.2 on Red Hat Enterprise Linux 5 are advised to upgrade to these updated packages.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated JBoss Enterprise Application Platform (JBEAP) 4.2 packages that fix\nvarious issues are now available for Red Hat Enterprise Linux 5 as JBEAP\n4.2.0.CP07.\n\nThis update has been rated as having important security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "JBoss Enterprise Application Platform is the market leading platform for\ninnovative and scalable Java applications; integrating the JBoss\nApplication Server, with JBoss Hibernate and JBoss Seam into a complete,\nsimple enterprise solution.\n\nThis release of JBEAP for Red Hat Enterprise Linux 5 serves as a\nreplacement to JBEAP 4.2.0.CP06.\n\nThese updated packages include bug fixes and enhancements which are\ndetailed in the release notes. The link to the release notes is available\nbelow in the References section of this errata.\n\nThe following security issues are also fixed with this release:\n\nIt was discovered that request dispatchers did not properly normalize user\nrequests that have trailing query strings, allowing remote attackers to\nsend specially-crafted requests that would cause an information leak.\n(CVE-2008-5515)\n\nIt was discovered that the error checking methods of certain authentication\nclasses did not have sufficient error checking, allowing remote attackers\nto enumerate (via brute force methods) usernames registered with\napplications deployed on JBossWeb when FORM-based authentication was used.\n(CVE-2009-0580)\n\nIt was discovered that web applications containing their own XML parsers\ncould replace the XML parser JBossWeb uses to parse configuration files. A\nmalicious web application running on a JBossWeb instance could read or,\npotentially, modify the configuration and XML-based data of other web\napplications deployed on the same JBossWeb instance. (CVE-2009-0783)\n\nWarning: before applying this update, please back up the JBEAP\n\"server/[configuration]/deploy/\" directory, and any other customized\nconfiguration files.\n\nAll users of JBEAP 4.2 on Red Hat Enterprise Linux 5 are advised to upgrade\nto these updated packages.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2009:1143",
        "url": "https://access.redhat.com/errata/RHSA-2009:1143"
      },
      {
        "category": "external",
        "summary": "http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp07/html-single/Release_Notes/index.html",
        "url": "http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp07/html-single/Release_Notes/index.html"
      },
      {
        "category": "external",
        "summary": "http://www.redhat.com/security/updates/classification/#important",
        "url": "http://www.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "499600",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=499600"
      },
      {
        "category": "external",
        "summary": "503978",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503978"
      },
      {
        "category": "external",
        "summary": "504153",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504153"
      },
      {
        "category": "external",
        "summary": "504753",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504753"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_1143.json"
      }
    ],
    "title": "Red Hat Security Advisory: JBoss Enterprise Application Platform 4.2.0.CP07 update",
    "tracking": {
      "current_release_date": "2025-11-21T17:34:50+00:00",
      "generator": {
        "date": "2025-11-21T17:34:50+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2009:1143",
      "initial_release_date": "2009-07-06T11:42:00+00:00",
      "revision_history": [
        {
          "date": "2009-07-06T11:42:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2009-07-06T07:42:19+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T17:34:50+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
                "product": {
                  "name": "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
                  "product_id": "5Server-JBEAP-4.2.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss Enterprise Application Platform"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "jakarta-slide-webdavclient-0:2.1-9.2.el5.src",
                "product": {
                  "name": "jakarta-slide-webdavclient-0:2.1-9.2.el5.src",
                  "product_id": "jakarta-slide-webdavclient-0:2.1-9.2.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jakarta-slide-webdavclient@2.1-9.2.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.src",
                "product": {
                  "name": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.src",
                  "product_id": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-cache@1.4.1-6.SP13.1.ep1.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jgroups-1:2.4.6-1.ep1.el5.src",
                "product": {
                  "name": "jgroups-1:2.4.6-1.ep1.el5.src",
                  "product_id": "jgroups-1:2.4.6-1.ep1.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jgroups@2.4.6-1.ep1.el5?arch=src\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.src",
                "product": {
                  "name": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.src",
                  "product_id": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossts@4.2.3-1.SP5_CP05.1jpp.ep1.1.el5?arch=src\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.src",
                "product": {
                  "name": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.src",
                  "product_id": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossweb@2.0.0-6.CP11.0jpp.ep1.1.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.src",
                "product": {
                  "name": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.src",
                  "product_id": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3@3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5?arch=src\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-remoting-0:2.2.3-2.ep1.el5.src",
                "product": {
                  "name": "jboss-remoting-0:2.2.3-2.ep1.el5.src",
                  "product_id": "jboss-remoting-0:2.2.3-2.ep1.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-remoting@2.2.3-2.ep1.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.src",
                "product": {
                  "name": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.src",
                  "product_id": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3-commons-annotations@3.0.0-1jpp.ep1.5.2.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.src",
                "product": {
                  "name": "hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.src",
                  "product_id": "hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3-annotations@3.3.1-1.10.1GA_CP01.ep1.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.src",
                "product": {
                  "name": "hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.src",
                  "product_id": "hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3-entitymanager@3.3.2-2.4.1.ep1.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.src",
                "product": {
                  "name": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.src",
                  "product_id": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3-validator@3.0.0-1jpp.ep1.8.3.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.1.el5.src",
                "product": {
                  "name": "rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.1.el5.src",
                  "product_id": "rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.1.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rh-eap-docs@4.2.0-5.GA_CP07.ep1.1.1.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-seam-0:1.2.1-1.ep1.13.el5.src",
                "product": {
                  "name": "jboss-seam-0:1.2.1-1.ep1.13.el5.src",
                  "product_id": "jboss-seam-0:1.2.1-1.ep1.13.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-seam@1.2.1-1.ep1.13.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossas-0:4.2.0-4.GA_CP07.5.1.ep1.el5.src",
                "product": {
                  "name": "jbossas-0:4.2.0-4.GA_CP07.5.1.ep1.el5.src",
                  "product_id": "jbossas-0:4.2.0-4.GA_CP07.5.1.ep1.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas@4.2.0-4.GA_CP07.5.1.ep1.el5?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "jakarta-slide-webdavclient-0:2.1-9.2.el5.noarch",
                "product": {
                  "name": "jakarta-slide-webdavclient-0:2.1-9.2.el5.noarch",
                  "product_id": "jakarta-slide-webdavclient-0:2.1-9.2.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jakarta-slide-webdavclient@2.1-9.2.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.noarch",
                "product": {
                  "name": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.noarch",
                  "product_id": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-cache@1.4.1-6.SP13.1.ep1.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jgroups-1:2.4.6-1.ep1.el5.noarch",
                "product": {
                  "name": "jgroups-1:2.4.6-1.ep1.el5.noarch",
                  "product_id": "jgroups-1:2.4.6-1.ep1.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jgroups@2.4.6-1.ep1.el5?arch=noarch\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.noarch",
                "product": {
                  "name": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.noarch",
                  "product_id": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossts@4.2.3-1.SP5_CP05.1jpp.ep1.1.el5?arch=noarch\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.noarch",
                "product": {
                  "name": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.noarch",
                  "product_id": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossweb@2.0.0-6.CP11.0jpp.ep1.1.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch",
                "product": {
                  "name": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch",
                  "product_id": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3@3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5?arch=noarch\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch",
                "product": {
                  "name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch",
                  "product_id": "hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3-javadoc@3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5?arch=noarch\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-remoting-0:2.2.3-2.ep1.el5.noarch",
                "product": {
                  "name": "jboss-remoting-0:2.2.3-2.ep1.el5.noarch",
                  "product_id": "jboss-remoting-0:2.2.3-2.ep1.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-remoting@2.2.3-2.ep1.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.2.el5.noarch",
                "product": {
                  "name": "hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.2.el5.noarch",
                  "product_id": "hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.2.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3-commons-annotations-javadoc@3.0.0-1jpp.ep1.5.2.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.noarch",
                "product": {
                  "name": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.noarch",
                  "product_id": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3-commons-annotations@3.0.0-1jpp.ep1.5.2.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-annotations-javadoc-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch",
                "product": {
                  "name": "hibernate3-annotations-javadoc-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch",
                  "product_id": "hibernate3-annotations-javadoc-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3-annotations-javadoc@3.3.1-1.10.1GA_CP01.ep1.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch",
                "product": {
                  "name": "hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch",
                  "product_id": "hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3-annotations@3.3.1-1.10.1GA_CP01.ep1.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.noarch",
                "product": {
                  "name": "hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.noarch",
                  "product_id": "hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3-entitymanager@3.3.2-2.4.1.ep1.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-entitymanager-javadoc-0:3.3.2-2.4.1.ep1.el5.noarch",
                "product": {
                  "name": "hibernate3-entitymanager-javadoc-0:3.3.2-2.4.1.ep1.el5.noarch",
                  "product_id": "hibernate3-entitymanager-javadoc-0:3.3.2-2.4.1.ep1.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3-entitymanager-javadoc@3.3.2-2.4.1.ep1.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.noarch",
                "product": {
                  "name": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.noarch",
                  "product_id": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3-validator@3.0.0-1jpp.ep1.8.3.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.3.el5.noarch",
                "product": {
                  "name": "hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.3.el5.noarch",
                  "product_id": "hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.3.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3-validator-javadoc@3.0.0-1jpp.ep1.8.3.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rh-eap-docs-examples-0:4.2.0-5.GA_CP07.ep1.1.1.el5.noarch",
                "product": {
                  "name": "rh-eap-docs-examples-0:4.2.0-5.GA_CP07.ep1.1.1.el5.noarch",
                  "product_id": "rh-eap-docs-examples-0:4.2.0-5.GA_CP07.ep1.1.1.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rh-eap-docs-examples@4.2.0-5.GA_CP07.ep1.1.1.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.1.el5.noarch",
                "product": {
                  "name": "rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.1.el5.noarch",
                  "product_id": "rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.1.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rh-eap-docs@4.2.0-5.GA_CP07.ep1.1.1.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-seam-docs-0:1.2.1-1.ep1.13.el5.noarch",
                "product": {
                  "name": "jboss-seam-docs-0:1.2.1-1.ep1.13.el5.noarch",
                  "product_id": "jboss-seam-docs-0:1.2.1-1.ep1.13.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-seam-docs@1.2.1-1.ep1.13.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-seam-0:1.2.1-1.ep1.13.el5.noarch",
                "product": {
                  "name": "jboss-seam-0:1.2.1-1.ep1.13.el5.noarch",
                  "product_id": "jboss-seam-0:1.2.1-1.ep1.13.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-seam@1.2.1-1.ep1.13.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossas-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch",
                "product": {
                  "name": "jbossas-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch",
                  "product_id": "jbossas-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas@4.2.0-4.GA_CP07.5.1.ep1.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossas-client-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch",
                "product": {
                  "name": "jbossas-client-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch",
                  "product_id": "jbossas-client-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas-client@4.2.0-4.GA_CP07.5.1.ep1.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossas-4.2.0.GA_CP07-bin-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch",
                "product": {
                  "name": "jbossas-4.2.0.GA_CP07-bin-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch",
                  "product_id": "jbossas-4.2.0.GA_CP07-bin-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas-4.2.0.GA_CP07-bin@4.2.0-4.GA_CP07.5.1.ep1.el5?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch"
        },
        "product_reference": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.src"
        },
        "product_reference": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch"
        },
        "product_reference": "hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.src"
        },
        "product_reference": "hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-annotations-javadoc-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:hibernate3-annotations-javadoc-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch"
        },
        "product_reference": "hibernate3-annotations-javadoc-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.noarch"
        },
        "product_reference": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.src"
        },
        "product_reference": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.2.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.2.el5.noarch"
        },
        "product_reference": "hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.2.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.noarch"
        },
        "product_reference": "hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.src"
        },
        "product_reference": "hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-entitymanager-javadoc-0:3.3.2-2.4.1.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.1.ep1.el5.noarch"
        },
        "product_reference": "hibernate3-entitymanager-javadoc-0:3.3.2-2.4.1.ep1.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch"
        },
        "product_reference": "hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.noarch"
        },
        "product_reference": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.src"
        },
        "product_reference": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.3.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.3.el5.noarch"
        },
        "product_reference": "hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.3.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jakarta-slide-webdavclient-0:2.1-9.2.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:jakarta-slide-webdavclient-0:2.1-9.2.el5.noarch"
        },
        "product_reference": "jakarta-slide-webdavclient-0:2.1-9.2.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jakarta-slide-webdavclient-0:2.1-9.2.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:jakarta-slide-webdavclient-0:2.1-9.2.el5.src"
        },
        "product_reference": "jakarta-slide-webdavclient-0:2.1-9.2.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.noarch"
        },
        "product_reference": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.src"
        },
        "product_reference": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-remoting-0:2.2.3-2.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-2.ep1.el5.noarch"
        },
        "product_reference": "jboss-remoting-0:2.2.3-2.ep1.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-remoting-0:2.2.3-2.ep1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-2.ep1.el5.src"
        },
        "product_reference": "jboss-remoting-0:2.2.3-2.ep1.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-seam-0:1.2.1-1.ep1.13.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.13.el5.noarch"
        },
        "product_reference": "jboss-seam-0:1.2.1-1.ep1.13.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-seam-0:1.2.1-1.ep1.13.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.13.el5.src"
        },
        "product_reference": "jboss-seam-0:1.2.1-1.ep1.13.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-seam-docs-0:1.2.1-1.ep1.13.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:jboss-seam-docs-0:1.2.1-1.ep1.13.el5.noarch"
        },
        "product_reference": "jboss-seam-docs-0:1.2.1-1.ep1.13.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:jbossas-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch"
        },
        "product_reference": "jbossas-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-0:4.2.0-4.GA_CP07.5.1.ep1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:jbossas-0:4.2.0-4.GA_CP07.5.1.ep1.el5.src"
        },
        "product_reference": "jbossas-0:4.2.0-4.GA_CP07.5.1.ep1.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-4.2.0.GA_CP07-bin-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:jbossas-4.2.0.GA_CP07-bin-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch"
        },
        "product_reference": "jbossas-4.2.0.GA_CP07-bin-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-client-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:jbossas-client-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch"
        },
        "product_reference": "jbossas-client-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.noarch"
        },
        "product_reference": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.src"
        },
        "product_reference": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.noarch"
        },
        "product_reference": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.src"
        },
        "product_reference": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jgroups-1:2.4.6-1.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:jgroups-1:2.4.6-1.ep1.el5.noarch"
        },
        "product_reference": "jgroups-1:2.4.6-1.ep1.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jgroups-1:2.4.6-1.ep1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:jgroups-1:2.4.6-1.ep1.el5.src"
        },
        "product_reference": "jgroups-1:2.4.6-1.ep1.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.1.el5.noarch"
        },
        "product_reference": "rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.1.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.1.el5.src"
        },
        "product_reference": "rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.1.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-eap-docs-examples-0:4.2.0-5.GA_CP07.ep1.1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.2.0:rh-eap-docs-examples-0:4.2.0-5.GA_CP07.ep1.1.1.el5.noarch"
        },
        "product_reference": "rh-eap-docs-examples-0:4.2.0-5.GA_CP07.ep1.1.1.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.2.0"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2008-5515",
      "discovery_date": "2009-06-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "504753"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat request dispatcher information disclosure vulnerability",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch",
          "5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.src",
          "5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch",
          "5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.src",
          "5Server-JBEAP-4.2.0:hibernate3-annotations-javadoc-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch",
          "5Server-JBEAP-4.2.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.noarch",
          "5Server-JBEAP-4.2.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.src",
          "5Server-JBEAP-4.2.0:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.2.el5.noarch",
          "5Server-JBEAP-4.2.0:hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.noarch",
          "5Server-JBEAP-4.2.0:hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.src",
          "5Server-JBEAP-4.2.0:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.1.ep1.el5.noarch",
          "5Server-JBEAP-4.2.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch",
          "5Server-JBEAP-4.2.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.noarch",
          "5Server-JBEAP-4.2.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.src",
          "5Server-JBEAP-4.2.0:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.3.el5.noarch",
          "5Server-JBEAP-4.2.0:jakarta-slide-webdavclient-0:2.1-9.2.el5.noarch",
          "5Server-JBEAP-4.2.0:jakarta-slide-webdavclient-0:2.1-9.2.el5.src",
          "5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.noarch",
          "5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.src",
          "5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-2.ep1.el5.noarch",
          "5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-2.ep1.el5.src",
          "5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.13.el5.noarch",
          "5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.13.el5.src",
          "5Server-JBEAP-4.2.0:jboss-seam-docs-0:1.2.1-1.ep1.13.el5.noarch",
          "5Server-JBEAP-4.2.0:jbossas-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch",
          "5Server-JBEAP-4.2.0:jbossas-0:4.2.0-4.GA_CP07.5.1.ep1.el5.src",
          "5Server-JBEAP-4.2.0:jbossas-4.2.0.GA_CP07-bin-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch",
          "5Server-JBEAP-4.2.0:jbossas-client-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch",
          "5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.noarch",
          "5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.src",
          "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.noarch",
          "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.src",
          "5Server-JBEAP-4.2.0:jgroups-1:2.4.6-1.ep1.el5.noarch",
          "5Server-JBEAP-4.2.0:jgroups-1:2.4.6-1.ep1.el5.src",
          "5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.1.el5.noarch",
          "5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.1.el5.src",
          "5Server-JBEAP-4.2.0:rh-eap-docs-examples-0:4.2.0-5.GA_CP07.ep1.1.1.el5.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-5515"
        },
        {
          "category": "external",
          "summary": "RHBZ#504753",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504753"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-5515",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-5515"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5515",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5515"
        }
      ],
      "release_date": "2009-06-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-07-06T11:42:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch",
            "5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.src",
            "5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch",
            "5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.src",
            "5Server-JBEAP-4.2.0:hibernate3-annotations-javadoc-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch",
            "5Server-JBEAP-4.2.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.noarch",
            "5Server-JBEAP-4.2.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.src",
            "5Server-JBEAP-4.2.0:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.2.el5.noarch",
            "5Server-JBEAP-4.2.0:hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.noarch",
            "5Server-JBEAP-4.2.0:hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.src",
            "5Server-JBEAP-4.2.0:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.1.ep1.el5.noarch",
            "5Server-JBEAP-4.2.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch",
            "5Server-JBEAP-4.2.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.noarch",
            "5Server-JBEAP-4.2.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.src",
            "5Server-JBEAP-4.2.0:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.3.el5.noarch",
            "5Server-JBEAP-4.2.0:jakarta-slide-webdavclient-0:2.1-9.2.el5.noarch",
            "5Server-JBEAP-4.2.0:jakarta-slide-webdavclient-0:2.1-9.2.el5.src",
            "5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.noarch",
            "5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.src",
            "5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-2.ep1.el5.noarch",
            "5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-2.ep1.el5.src",
            "5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.13.el5.noarch",
            "5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.13.el5.src",
            "5Server-JBEAP-4.2.0:jboss-seam-docs-0:1.2.1-1.ep1.13.el5.noarch",
            "5Server-JBEAP-4.2.0:jbossas-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch",
            "5Server-JBEAP-4.2.0:jbossas-0:4.2.0-4.GA_CP07.5.1.ep1.el5.src",
            "5Server-JBEAP-4.2.0:jbossas-4.2.0.GA_CP07-bin-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch",
            "5Server-JBEAP-4.2.0:jbossas-client-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch",
            "5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.noarch",
            "5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.src",
            "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.noarch",
            "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.src",
            "5Server-JBEAP-4.2.0:jgroups-1:2.4.6-1.ep1.el5.noarch",
            "5Server-JBEAP-4.2.0:jgroups-1:2.4.6-1.ep1.el5.src",
            "5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.1.el5.noarch",
            "5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.1.el5.src",
            "5Server-JBEAP-4.2.0:rh-eap-docs-examples-0:4.2.0-5.GA_CP07.ep1.1.1.el5.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1143"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "tomcat request dispatcher information disclosure vulnerability"
    },
    {
      "cve": "CVE-2009-0580",
      "discovery_date": "2009-06-03T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "503978"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat6 Information disclosure in authentication classes",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch",
          "5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.src",
          "5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch",
          "5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.src",
          "5Server-JBEAP-4.2.0:hibernate3-annotations-javadoc-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch",
          "5Server-JBEAP-4.2.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.noarch",
          "5Server-JBEAP-4.2.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.src",
          "5Server-JBEAP-4.2.0:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.2.el5.noarch",
          "5Server-JBEAP-4.2.0:hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.noarch",
          "5Server-JBEAP-4.2.0:hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.src",
          "5Server-JBEAP-4.2.0:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.1.ep1.el5.noarch",
          "5Server-JBEAP-4.2.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch",
          "5Server-JBEAP-4.2.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.noarch",
          "5Server-JBEAP-4.2.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.src",
          "5Server-JBEAP-4.2.0:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.3.el5.noarch",
          "5Server-JBEAP-4.2.0:jakarta-slide-webdavclient-0:2.1-9.2.el5.noarch",
          "5Server-JBEAP-4.2.0:jakarta-slide-webdavclient-0:2.1-9.2.el5.src",
          "5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.noarch",
          "5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.src",
          "5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-2.ep1.el5.noarch",
          "5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-2.ep1.el5.src",
          "5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.13.el5.noarch",
          "5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.13.el5.src",
          "5Server-JBEAP-4.2.0:jboss-seam-docs-0:1.2.1-1.ep1.13.el5.noarch",
          "5Server-JBEAP-4.2.0:jbossas-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch",
          "5Server-JBEAP-4.2.0:jbossas-0:4.2.0-4.GA_CP07.5.1.ep1.el5.src",
          "5Server-JBEAP-4.2.0:jbossas-4.2.0.GA_CP07-bin-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch",
          "5Server-JBEAP-4.2.0:jbossas-client-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch",
          "5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.noarch",
          "5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.src",
          "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.noarch",
          "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.src",
          "5Server-JBEAP-4.2.0:jgroups-1:2.4.6-1.ep1.el5.noarch",
          "5Server-JBEAP-4.2.0:jgroups-1:2.4.6-1.ep1.el5.src",
          "5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.1.el5.noarch",
          "5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.1.el5.src",
          "5Server-JBEAP-4.2.0:rh-eap-docs-examples-0:4.2.0-5.GA_CP07.ep1.1.1.el5.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-0580"
        },
        {
          "category": "external",
          "summary": "RHBZ#503978",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503978"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0580",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-0580"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0580",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0580"
        }
      ],
      "release_date": "2009-06-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-07-06T11:42:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch",
            "5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.src",
            "5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch",
            "5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.src",
            "5Server-JBEAP-4.2.0:hibernate3-annotations-javadoc-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch",
            "5Server-JBEAP-4.2.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.noarch",
            "5Server-JBEAP-4.2.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.src",
            "5Server-JBEAP-4.2.0:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.2.el5.noarch",
            "5Server-JBEAP-4.2.0:hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.noarch",
            "5Server-JBEAP-4.2.0:hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.src",
            "5Server-JBEAP-4.2.0:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.1.ep1.el5.noarch",
            "5Server-JBEAP-4.2.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch",
            "5Server-JBEAP-4.2.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.noarch",
            "5Server-JBEAP-4.2.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.src",
            "5Server-JBEAP-4.2.0:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.3.el5.noarch",
            "5Server-JBEAP-4.2.0:jakarta-slide-webdavclient-0:2.1-9.2.el5.noarch",
            "5Server-JBEAP-4.2.0:jakarta-slide-webdavclient-0:2.1-9.2.el5.src",
            "5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.noarch",
            "5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.src",
            "5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-2.ep1.el5.noarch",
            "5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-2.ep1.el5.src",
            "5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.13.el5.noarch",
            "5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.13.el5.src",
            "5Server-JBEAP-4.2.0:jboss-seam-docs-0:1.2.1-1.ep1.13.el5.noarch",
            "5Server-JBEAP-4.2.0:jbossas-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch",
            "5Server-JBEAP-4.2.0:jbossas-0:4.2.0-4.GA_CP07.5.1.ep1.el5.src",
            "5Server-JBEAP-4.2.0:jbossas-4.2.0.GA_CP07-bin-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch",
            "5Server-JBEAP-4.2.0:jbossas-client-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch",
            "5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.noarch",
            "5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.src",
            "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.noarch",
            "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.src",
            "5Server-JBEAP-4.2.0:jgroups-1:2.4.6-1.ep1.el5.noarch",
            "5Server-JBEAP-4.2.0:jgroups-1:2.4.6-1.ep1.el5.src",
            "5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.1.el5.noarch",
            "5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.1.el5.src",
            "5Server-JBEAP-4.2.0:rh-eap-docs-examples-0:4.2.0-5.GA_CP07.ep1.1.1.el5.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1143"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch",
            "5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.src",
            "5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch",
            "5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.src",
            "5Server-JBEAP-4.2.0:hibernate3-annotations-javadoc-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch",
            "5Server-JBEAP-4.2.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.noarch",
            "5Server-JBEAP-4.2.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.src",
            "5Server-JBEAP-4.2.0:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.2.el5.noarch",
            "5Server-JBEAP-4.2.0:hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.noarch",
            "5Server-JBEAP-4.2.0:hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.src",
            "5Server-JBEAP-4.2.0:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.1.ep1.el5.noarch",
            "5Server-JBEAP-4.2.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch",
            "5Server-JBEAP-4.2.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.noarch",
            "5Server-JBEAP-4.2.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.src",
            "5Server-JBEAP-4.2.0:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.3.el5.noarch",
            "5Server-JBEAP-4.2.0:jakarta-slide-webdavclient-0:2.1-9.2.el5.noarch",
            "5Server-JBEAP-4.2.0:jakarta-slide-webdavclient-0:2.1-9.2.el5.src",
            "5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.noarch",
            "5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.src",
            "5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-2.ep1.el5.noarch",
            "5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-2.ep1.el5.src",
            "5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.13.el5.noarch",
            "5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.13.el5.src",
            "5Server-JBEAP-4.2.0:jboss-seam-docs-0:1.2.1-1.ep1.13.el5.noarch",
            "5Server-JBEAP-4.2.0:jbossas-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch",
            "5Server-JBEAP-4.2.0:jbossas-0:4.2.0-4.GA_CP07.5.1.ep1.el5.src",
            "5Server-JBEAP-4.2.0:jbossas-4.2.0.GA_CP07-bin-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch",
            "5Server-JBEAP-4.2.0:jbossas-client-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch",
            "5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.noarch",
            "5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.src",
            "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.noarch",
            "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.src",
            "5Server-JBEAP-4.2.0:jgroups-1:2.4.6-1.ep1.el5.noarch",
            "5Server-JBEAP-4.2.0:jgroups-1:2.4.6-1.ep1.el5.src",
            "5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.1.el5.noarch",
            "5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.1.el5.src",
            "5Server-JBEAP-4.2.0:rh-eap-docs-examples-0:4.2.0-5.GA_CP07.ep1.1.1.el5.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat6 Information disclosure in authentication classes"
    },
    {
      "cve": "CVE-2009-0783",
      "discovery_date": "2009-06-04T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "504153"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat XML parser information disclosure",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch",
          "5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.src",
          "5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch",
          "5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.src",
          "5Server-JBEAP-4.2.0:hibernate3-annotations-javadoc-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch",
          "5Server-JBEAP-4.2.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.noarch",
          "5Server-JBEAP-4.2.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.src",
          "5Server-JBEAP-4.2.0:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.2.el5.noarch",
          "5Server-JBEAP-4.2.0:hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.noarch",
          "5Server-JBEAP-4.2.0:hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.src",
          "5Server-JBEAP-4.2.0:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.1.ep1.el5.noarch",
          "5Server-JBEAP-4.2.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch",
          "5Server-JBEAP-4.2.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.noarch",
          "5Server-JBEAP-4.2.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.src",
          "5Server-JBEAP-4.2.0:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.3.el5.noarch",
          "5Server-JBEAP-4.2.0:jakarta-slide-webdavclient-0:2.1-9.2.el5.noarch",
          "5Server-JBEAP-4.2.0:jakarta-slide-webdavclient-0:2.1-9.2.el5.src",
          "5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.noarch",
          "5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.src",
          "5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-2.ep1.el5.noarch",
          "5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-2.ep1.el5.src",
          "5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.13.el5.noarch",
          "5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.13.el5.src",
          "5Server-JBEAP-4.2.0:jboss-seam-docs-0:1.2.1-1.ep1.13.el5.noarch",
          "5Server-JBEAP-4.2.0:jbossas-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch",
          "5Server-JBEAP-4.2.0:jbossas-0:4.2.0-4.GA_CP07.5.1.ep1.el5.src",
          "5Server-JBEAP-4.2.0:jbossas-4.2.0.GA_CP07-bin-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch",
          "5Server-JBEAP-4.2.0:jbossas-client-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch",
          "5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.noarch",
          "5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.src",
          "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.noarch",
          "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.src",
          "5Server-JBEAP-4.2.0:jgroups-1:2.4.6-1.ep1.el5.noarch",
          "5Server-JBEAP-4.2.0:jgroups-1:2.4.6-1.ep1.el5.src",
          "5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.1.el5.noarch",
          "5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.1.el5.src",
          "5Server-JBEAP-4.2.0:rh-eap-docs-examples-0:4.2.0-5.GA_CP07.ep1.1.1.el5.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-0783"
        },
        {
          "category": "external",
          "summary": "RHBZ#504153",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504153"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0783",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-0783"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0783",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0783"
        }
      ],
      "release_date": "2009-06-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-07-06T11:42:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch",
            "5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.src",
            "5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch",
            "5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.src",
            "5Server-JBEAP-4.2.0:hibernate3-annotations-javadoc-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch",
            "5Server-JBEAP-4.2.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.noarch",
            "5Server-JBEAP-4.2.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.src",
            "5Server-JBEAP-4.2.0:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.2.el5.noarch",
            "5Server-JBEAP-4.2.0:hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.noarch",
            "5Server-JBEAP-4.2.0:hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.src",
            "5Server-JBEAP-4.2.0:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.1.ep1.el5.noarch",
            "5Server-JBEAP-4.2.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch",
            "5Server-JBEAP-4.2.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.noarch",
            "5Server-JBEAP-4.2.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.src",
            "5Server-JBEAP-4.2.0:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.3.el5.noarch",
            "5Server-JBEAP-4.2.0:jakarta-slide-webdavclient-0:2.1-9.2.el5.noarch",
            "5Server-JBEAP-4.2.0:jakarta-slide-webdavclient-0:2.1-9.2.el5.src",
            "5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.noarch",
            "5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.src",
            "5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-2.ep1.el5.noarch",
            "5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-2.ep1.el5.src",
            "5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.13.el5.noarch",
            "5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.13.el5.src",
            "5Server-JBEAP-4.2.0:jboss-seam-docs-0:1.2.1-1.ep1.13.el5.noarch",
            "5Server-JBEAP-4.2.0:jbossas-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch",
            "5Server-JBEAP-4.2.0:jbossas-0:4.2.0-4.GA_CP07.5.1.ep1.el5.src",
            "5Server-JBEAP-4.2.0:jbossas-4.2.0.GA_CP07-bin-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch",
            "5Server-JBEAP-4.2.0:jbossas-client-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch",
            "5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.noarch",
            "5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.src",
            "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.noarch",
            "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.src",
            "5Server-JBEAP-4.2.0:jgroups-1:2.4.6-1.ep1.el5.noarch",
            "5Server-JBEAP-4.2.0:jgroups-1:2.4.6-1.ep1.el5.src",
            "5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.1.el5.noarch",
            "5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.1.el5.src",
            "5Server-JBEAP-4.2.0:rh-eap-docs-examples-0:4.2.0-5.GA_CP07.ep1.1.1.el5.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1143"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 1.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:M/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch",
            "5Server-JBEAP-4.2.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.src",
            "5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch",
            "5Server-JBEAP-4.2.0:hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.src",
            "5Server-JBEAP-4.2.0:hibernate3-annotations-javadoc-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch",
            "5Server-JBEAP-4.2.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.noarch",
            "5Server-JBEAP-4.2.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.src",
            "5Server-JBEAP-4.2.0:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.2.el5.noarch",
            "5Server-JBEAP-4.2.0:hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.noarch",
            "5Server-JBEAP-4.2.0:hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.src",
            "5Server-JBEAP-4.2.0:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.1.ep1.el5.noarch",
            "5Server-JBEAP-4.2.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch",
            "5Server-JBEAP-4.2.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.noarch",
            "5Server-JBEAP-4.2.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.src",
            "5Server-JBEAP-4.2.0:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.3.el5.noarch",
            "5Server-JBEAP-4.2.0:jakarta-slide-webdavclient-0:2.1-9.2.el5.noarch",
            "5Server-JBEAP-4.2.0:jakarta-slide-webdavclient-0:2.1-9.2.el5.src",
            "5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.noarch",
            "5Server-JBEAP-4.2.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.src",
            "5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-2.ep1.el5.noarch",
            "5Server-JBEAP-4.2.0:jboss-remoting-0:2.2.3-2.ep1.el5.src",
            "5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.13.el5.noarch",
            "5Server-JBEAP-4.2.0:jboss-seam-0:1.2.1-1.ep1.13.el5.src",
            "5Server-JBEAP-4.2.0:jboss-seam-docs-0:1.2.1-1.ep1.13.el5.noarch",
            "5Server-JBEAP-4.2.0:jbossas-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch",
            "5Server-JBEAP-4.2.0:jbossas-0:4.2.0-4.GA_CP07.5.1.ep1.el5.src",
            "5Server-JBEAP-4.2.0:jbossas-4.2.0.GA_CP07-bin-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch",
            "5Server-JBEAP-4.2.0:jbossas-client-0:4.2.0-4.GA_CP07.5.1.ep1.el5.noarch",
            "5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.noarch",
            "5Server-JBEAP-4.2.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.src",
            "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.noarch",
            "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.src",
            "5Server-JBEAP-4.2.0:jgroups-1:2.4.6-1.ep1.el5.noarch",
            "5Server-JBEAP-4.2.0:jgroups-1:2.4.6-1.ep1.el5.src",
            "5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.1.el5.noarch",
            "5Server-JBEAP-4.2.0:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.1.el5.src",
            "5Server-JBEAP-4.2.0:rh-eap-docs-examples-0:4.2.0-5.GA_CP07.ep1.1.1.el5.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat XML parser information disclosure"
    }
  ]
}

RHSA-2009:1617

Vulnerability from csaf_redhat - Published: 2009-11-30 15:18 - Updated: 2025-11-21 17:35

Summary

Red Hat Security Advisory: tomcat security update for Red Hat Network Satellite Server

Notes

Topic

An updated tomcat package that fixes several security issues is now available for Red Hat Network Satellite Server 5.1. This update has been rated as having low security impact by the Red Hat Security Response Team.

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Low"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated tomcat package that fixes several security issues is now\navailable for Red Hat Network Satellite Server 5.1.\n\nThis update has been rated as having low security impact by the Red Hat\nSecurity Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nThis update corrects several security vulnerabilities in the Tomcat\ncomponent shipped as part of Red Hat Network Satellite Server. In a typical\noperating environment, Tomcat is not exposed to users of Satellite Server\nin a vulnerable manner: By default, only Satellite Server applications are\nrunning on Tomcat. This update will reduce risk in unique Satellite Server\nenvironments.\n\nIt was discovered that request dispatchers did not properly normalize user\nrequests that have trailing query strings, allowing remote attackers to\nsend specially-crafted requests that would cause an information leak.\n(CVE-2008-5515)\n\nA flaw was found in the way the Tomcat AJP (Apache JServ Protocol)\nconnector processes AJP connections. An attacker could use this flaw to\nsend specially-crafted requests that would cause a temporary denial of\nservice. (CVE-2009-0033)\n\nIt was discovered that web applications containing their own XML parsers\ncould replace the XML parser Tomcat uses to parse configuration files. A\nmalicious web application running on a Tomcat instance could read or,\npotentially, modify the configuration and XML-based data of other web\napplications deployed on the same Tomcat instance. (CVE-2009-0783)\n\nUsers of Red Hat Network Satellite Server 5.1 are advised to upgrade to\nthis updated tomcat package, which contains backported patches to resolve\nthese issues. Tomcat must be restarted for this update to take effect.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2009:1617",
        "url": "https://access.redhat.com/errata/RHSA-2009:1617"
      },
      {
        "category": "external",
        "summary": "http://tomcat.apache.org/security-5.html",
        "url": "http://tomcat.apache.org/security-5.html"
      },
      {
        "category": "external",
        "summary": "http://www.redhat.com/security/updates/classification/#low",
        "url": "http://www.redhat.com/security/updates/classification/#low"
      },
      {
        "category": "external",
        "summary": "493381",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=493381"
      },
      {
        "category": "external",
        "summary": "504153",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504153"
      },
      {
        "category": "external",
        "summary": "504753",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504753"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_1617.json"
      }
    ],
    "title": "Red Hat Security Advisory: tomcat security update for Red Hat Network Satellite Server",
    "tracking": {
      "current_release_date": "2025-11-21T17:35:32+00:00",
      "generator": {
        "date": "2025-11-21T17:35:32+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2009:1617",
      "initial_release_date": "2009-11-30T15:18:00+00:00",
      "revision_history": [
        {
          "date": "2009-11-30T15:18:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2009-11-30T10:18:07+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T17:35:32+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Satellite 5.1 (RHEL v.4 AS)",
                "product": {
                  "name": "Red Hat Satellite 5.1 (RHEL v.4 AS)",
                  "product_id": "4AS-RHNSAT5.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:network_satellite:5.1::el4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Satellite"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "tomcat5-0:5.0.30-0jpp_16rh.src",
                "product": {
                  "name": "tomcat5-0:5.0.30-0jpp_16rh.src",
                  "product_id": "tomcat5-0:5.0.30-0jpp_16rh.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5@5.0.30-0jpp_16rh?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "tomcat5-0:5.0.30-0jpp_16rh.noarch",
                "product": {
                  "name": "tomcat5-0:5.0.30-0jpp_16rh.noarch",
                  "product_id": "tomcat5-0:5.0.30-0jpp_16rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5@5.0.30-0jpp_16rh?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.0.30-0jpp_16rh.noarch as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)",
          "product_id": "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_16rh.noarch"
        },
        "product_reference": "tomcat5-0:5.0.30-0jpp_16rh.noarch",
        "relates_to_product_reference": "4AS-RHNSAT5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.0.30-0jpp_16rh.src as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)",
          "product_id": "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_16rh.src"
        },
        "product_reference": "tomcat5-0:5.0.30-0jpp_16rh.src",
        "relates_to_product_reference": "4AS-RHNSAT5.1"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2008-5515",
      "discovery_date": "2009-06-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "504753"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat request dispatcher information disclosure vulnerability",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_16rh.noarch",
          "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_16rh.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-5515"
        },
        {
          "category": "external",
          "summary": "RHBZ#504753",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504753"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-5515",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-5515"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5515",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5515"
        }
      ],
      "release_date": "2009-06-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-11-30T15:18:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_16rh.noarch",
            "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_16rh.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1617"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "tomcat request dispatcher information disclosure vulnerability"
    },
    {
      "cve": "CVE-2009-0033",
      "discovery_date": "2009-01-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "493381"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat6 Denial-Of-Service with AJP connection",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_16rh.noarch",
          "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_16rh.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-0033"
        },
        {
          "category": "external",
          "summary": "RHBZ#493381",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=493381"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0033",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-0033"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0033",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0033"
        }
      ],
      "release_date": "2009-06-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-11-30T15:18:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_16rh.noarch",
            "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_16rh.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1617"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "products": [
            "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_16rh.noarch",
            "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_16rh.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "tomcat6 Denial-Of-Service with AJP connection"
    },
    {
      "cve": "CVE-2009-0783",
      "discovery_date": "2009-06-04T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "504153"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat XML parser information disclosure",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_16rh.noarch",
          "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_16rh.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-0783"
        },
        {
          "category": "external",
          "summary": "RHBZ#504153",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504153"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0783",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-0783"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0783",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0783"
        }
      ],
      "release_date": "2009-06-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-11-30T15:18:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_16rh.noarch",
            "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_16rh.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1617"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 1.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:M/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_16rh.noarch",
            "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_16rh.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat XML parser information disclosure"
    }
  ]
}

RHSA-2009:1616

Vulnerability from csaf_redhat - Published: 2009-11-30 15:16 - Updated: 2025-11-21 17:35

Summary

Red Hat Security Advisory: tomcat security update for Red Hat Network Satellite Server

Notes

Topic

Updated tomcat packages that fix several security issues are now available for Red Hat Network Satellite Server 5.2 and 5.3. This update has been rated as having low security impact by the Red Hat Security Response Team.

Details

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. This update corrects several security vulnerabilities in the Tomcat component shipped as part of Red Hat Network Satellite Server. In a typical operating environment, Tomcat is not exposed to users of Satellite Server in a vulnerable manner: By default, only Satellite Server applications are running on Tomcat. This update will reduce risk in unique Satellite Server environments. It was discovered that the Red Hat Security Advisory RHSA-2007:1069 did not address all possible flaws in the way Tomcat handles certain characters and character sequences in cookie values. A remote attacker could use this flaw to obtain sensitive information, such as session IDs, and then use this information for session hijacking attacks. (CVE-2007-5333) Note: The fix for the CVE-2007-5333 flaw changes the default cookie processing behavior: With this update, version 0 cookies that contain values that must be quoted to be valid are automatically changed to version 1 cookies. To reactivate the previous, but insecure behavior, add the following entry to the "/etc/tomcat5/catalina.properties" file: org.apache.tomcat.util.http.ServerCookie.VERSION_SWITCH=false It was discovered that request dispatchers did not properly normalize user requests that have trailing query strings, allowing remote attackers to send specially-crafted requests that would cause an information leak. (CVE-2008-5515) A flaw was found in the way the Tomcat AJP (Apache JServ Protocol) connector processes AJP connections. An attacker could use this flaw to send specially-crafted requests that would cause a temporary denial of service. (CVE-2009-0033) It was discovered that the error checking methods of certain authentication classes did not have sufficient error checking, allowing remote attackers to enumerate (via brute force methods) usernames registered with applications running on Tomcat when FORM-based authentication was used. (CVE-2009-0580) It was discovered that web applications containing their own XML parsers could replace the XML parser Tomcat uses to parse configuration files. A malicious web application running on a Tomcat instance could read or, potentially, modify the configuration and XML-based data of other web applications deployed on the same Tomcat instance. (CVE-2009-0783) Users of Red Hat Network Satellite Server 5.2 and 5.3 are advised to upgrade to these updated tomcat packages, which contain backported patches to resolve these issues. Tomcat must be restarted for this update to take effect.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Low"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated tomcat packages that fix several security issues are now available\nfor Red Hat Network Satellite Server 5.2 and 5.3.\n\nThis update has been rated as having low security impact by the Red Hat\nSecurity Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nThis update corrects several security vulnerabilities in the Tomcat\ncomponent shipped as part of Red Hat Network Satellite Server. In a typical\noperating environment, Tomcat is not exposed to users of Satellite Server\nin a vulnerable manner: By default, only Satellite Server applications are\nrunning on Tomcat. This update will reduce risk in unique Satellite Server\nenvironments.\n\nIt was discovered that the Red Hat Security Advisory RHSA-2007:1069 did not\naddress all possible flaws in the way Tomcat handles certain characters and\ncharacter sequences in cookie values. A remote attacker could use this flaw\nto obtain sensitive information, such as session IDs, and then use this\ninformation for session hijacking attacks. (CVE-2007-5333)\n\nNote: The fix for the CVE-2007-5333 flaw changes the default cookie\nprocessing behavior: With this update, version 0 cookies that contain\nvalues that must be quoted to be valid are automatically changed to version\n1 cookies. To reactivate the previous, but insecure behavior, add the\nfollowing entry to the \"/etc/tomcat5/catalina.properties\" file:\n\norg.apache.tomcat.util.http.ServerCookie.VERSION_SWITCH=false\n\nIt was discovered that request dispatchers did not properly normalize user\nrequests that have trailing query strings, allowing remote attackers to\nsend specially-crafted requests that would cause an information leak.\n(CVE-2008-5515)\n\nA flaw was found in the way the Tomcat AJP (Apache JServ Protocol)\nconnector processes AJP connections. An attacker could use this flaw to\nsend specially-crafted requests that would cause a temporary denial of\nservice. (CVE-2009-0033)\n\nIt was discovered that the error checking methods of certain authentication\nclasses did not have sufficient error checking, allowing remote attackers\nto enumerate (via brute force methods) usernames registered with\napplications running on Tomcat when FORM-based authentication was used.\n(CVE-2009-0580)\n\nIt was discovered that web applications containing their own XML parsers\ncould replace the XML parser Tomcat uses to parse configuration files. A\nmalicious web application running on a Tomcat instance could read or,\npotentially, modify the configuration and XML-based data of other web\napplications deployed on the same Tomcat instance. (CVE-2009-0783)\n\nUsers of Red Hat Network Satellite Server 5.2 and 5.3 are advised to\nupgrade to these updated tomcat packages, which contain backported patches\nto resolve these issues. Tomcat must be restarted for this update to take\neffect.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2009:1616",
        "url": "https://access.redhat.com/errata/RHSA-2009:1616"
      },
      {
        "category": "external",
        "summary": "http://tomcat.apache.org/security-5.html",
        "url": "http://tomcat.apache.org/security-5.html"
      },
      {
        "category": "external",
        "summary": "http://www.redhat.com/security/updates/classification/#low",
        "url": "http://www.redhat.com/security/updates/classification/#low"
      },
      {
        "category": "external",
        "summary": "427766",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427766"
      },
      {
        "category": "external",
        "summary": "493381",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=493381"
      },
      {
        "category": "external",
        "summary": "503978",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503978"
      },
      {
        "category": "external",
        "summary": "504153",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504153"
      },
      {
        "category": "external",
        "summary": "504753",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504753"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_1616.json"
      }
    ],
    "title": "Red Hat Security Advisory: tomcat security update for Red Hat Network Satellite Server",
    "tracking": {
      "current_release_date": "2025-11-21T17:35:31+00:00",
      "generator": {
        "date": "2025-11-21T17:35:31+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2009:1616",
      "initial_release_date": "2009-11-30T15:16:00+00:00",
      "revision_history": [
        {
          "date": "2009-11-30T15:16:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2009-11-30T10:16:12+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T17:35:31+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Satellite 5.2 (RHEL v.4 AS)",
                "product": {
                  "name": "Red Hat Satellite 5.2 (RHEL v.4 AS)",
                  "product_id": "4AS-RHNSAT5.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:network_satellite:5.2::el4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Satellite 5.3 (RHEL v.4)",
                "product": {
                  "name": "Red Hat Satellite 5.3 (RHEL v.4)",
                  "product_id": "4AS-RHNSAT5.3",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:network_satellite:5.3::el4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Satellite"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch",
                "product": {
                  "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch",
                  "product_id": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp_18rh?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch",
                "product": {
                  "name": "tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch",
                  "product_id": "tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp_18rh?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch",
                "product": {
                  "name": "tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch",
                  "product_id": "tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp_18rh?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-0:5.5.23-0jpp_18rh.noarch",
                "product": {
                  "name": "tomcat5-0:5.5.23-0jpp_18rh.noarch",
                  "product_id": "tomcat5-0:5.5.23-0jpp_18rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp_18rh?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch",
                "product": {
                  "name": "tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch",
                  "product_id": "tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp_18rh?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch",
                "product": {
                  "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch",
                  "product_id": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp_18rh?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "tomcat5-0:5.5.23-0jpp_18rh.src",
                "product": {
                  "name": "tomcat5-0:5.5.23-0jpp_18rh.src",
                  "product_id": "tomcat5-0:5.5.23-0jpp_18rh.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp_18rh?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.5.23-0jpp_18rh.noarch as a component of Red Hat Satellite 5.2 (RHEL v.4 AS)",
          "product_id": "4AS-RHNSAT5.2:tomcat5-0:5.5.23-0jpp_18rh.noarch"
        },
        "product_reference": "tomcat5-0:5.5.23-0jpp_18rh.noarch",
        "relates_to_product_reference": "4AS-RHNSAT5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.5.23-0jpp_18rh.src as a component of Red Hat Satellite 5.2 (RHEL v.4 AS)",
          "product_id": "4AS-RHNSAT5.2:tomcat5-0:5.5.23-0jpp_18rh.src"
        },
        "product_reference": "tomcat5-0:5.5.23-0jpp_18rh.src",
        "relates_to_product_reference": "4AS-RHNSAT5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch as a component of Red Hat Satellite 5.2 (RHEL v.4 AS)",
          "product_id": "4AS-RHNSAT5.2:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch"
        },
        "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch",
        "relates_to_product_reference": "4AS-RHNSAT5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch as a component of Red Hat Satellite 5.2 (RHEL v.4 AS)",
          "product_id": "4AS-RHNSAT5.2:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch"
        },
        "product_reference": "tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch",
        "relates_to_product_reference": "4AS-RHNSAT5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch as a component of Red Hat Satellite 5.2 (RHEL v.4 AS)",
          "product_id": "4AS-RHNSAT5.2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch"
        },
        "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch",
        "relates_to_product_reference": "4AS-RHNSAT5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch as a component of Red Hat Satellite 5.2 (RHEL v.4 AS)",
          "product_id": "4AS-RHNSAT5.2:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch"
        },
        "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch",
        "relates_to_product_reference": "4AS-RHNSAT5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch as a component of Red Hat Satellite 5.2 (RHEL v.4 AS)",
          "product_id": "4AS-RHNSAT5.2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch"
        },
        "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch",
        "relates_to_product_reference": "4AS-RHNSAT5.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.5.23-0jpp_18rh.noarch as a component of Red Hat Satellite 5.3 (RHEL v.4)",
          "product_id": "4AS-RHNSAT5.3:tomcat5-0:5.5.23-0jpp_18rh.noarch"
        },
        "product_reference": "tomcat5-0:5.5.23-0jpp_18rh.noarch",
        "relates_to_product_reference": "4AS-RHNSAT5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.5.23-0jpp_18rh.src as a component of Red Hat Satellite 5.3 (RHEL v.4)",
          "product_id": "4AS-RHNSAT5.3:tomcat5-0:5.5.23-0jpp_18rh.src"
        },
        "product_reference": "tomcat5-0:5.5.23-0jpp_18rh.src",
        "relates_to_product_reference": "4AS-RHNSAT5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch as a component of Red Hat Satellite 5.3 (RHEL v.4)",
          "product_id": "4AS-RHNSAT5.3:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch"
        },
        "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch",
        "relates_to_product_reference": "4AS-RHNSAT5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch as a component of Red Hat Satellite 5.3 (RHEL v.4)",
          "product_id": "4AS-RHNSAT5.3:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch"
        },
        "product_reference": "tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch",
        "relates_to_product_reference": "4AS-RHNSAT5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch as a component of Red Hat Satellite 5.3 (RHEL v.4)",
          "product_id": "4AS-RHNSAT5.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch"
        },
        "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch",
        "relates_to_product_reference": "4AS-RHNSAT5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch as a component of Red Hat Satellite 5.3 (RHEL v.4)",
          "product_id": "4AS-RHNSAT5.3:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch"
        },
        "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch",
        "relates_to_product_reference": "4AS-RHNSAT5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch as a component of Red Hat Satellite 5.3 (RHEL v.4)",
          "product_id": "4AS-RHNSAT5.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch"
        },
        "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch",
        "relates_to_product_reference": "4AS-RHNSAT5.3"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2007-5333",
      "discovery_date": "2008-01-07T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "427766"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (\") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.  NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Improve cookie parsing for tomcat5",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-5333\n\nThe Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw.",
          "title": "Statement"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5.2:tomcat5-0:5.5.23-0jpp_18rh.noarch",
          "4AS-RHNSAT5.2:tomcat5-0:5.5.23-0jpp_18rh.src",
          "4AS-RHNSAT5.2:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch",
          "4AS-RHNSAT5.2:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch",
          "4AS-RHNSAT5.2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch",
          "4AS-RHNSAT5.2:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch",
          "4AS-RHNSAT5.2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch",
          "4AS-RHNSAT5.3:tomcat5-0:5.5.23-0jpp_18rh.noarch",
          "4AS-RHNSAT5.3:tomcat5-0:5.5.23-0jpp_18rh.src",
          "4AS-RHNSAT5.3:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch",
          "4AS-RHNSAT5.3:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch",
          "4AS-RHNSAT5.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch",
          "4AS-RHNSAT5.3:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch",
          "4AS-RHNSAT5.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-5333"
        },
        {
          "category": "external",
          "summary": "RHBZ#427766",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427766"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-5333",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-5333"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5333",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5333"
        }
      ],
      "release_date": "2008-02-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-11-30T15:16:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-RHNSAT5.2:tomcat5-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.2:tomcat5-0:5.5.23-0jpp_18rh.src",
            "4AS-RHNSAT5.2:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.2:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.2:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.3:tomcat5-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.3:tomcat5-0:5.5.23-0jpp_18rh.src",
            "4AS-RHNSAT5.3:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.3:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.3:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1616"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "Improve cookie parsing for tomcat5"
    },
    {
      "cve": "CVE-2008-5515",
      "discovery_date": "2009-06-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "504753"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat request dispatcher information disclosure vulnerability",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5.2:tomcat5-0:5.5.23-0jpp_18rh.noarch",
          "4AS-RHNSAT5.2:tomcat5-0:5.5.23-0jpp_18rh.src",
          "4AS-RHNSAT5.2:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch",
          "4AS-RHNSAT5.2:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch",
          "4AS-RHNSAT5.2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch",
          "4AS-RHNSAT5.2:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch",
          "4AS-RHNSAT5.2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch",
          "4AS-RHNSAT5.3:tomcat5-0:5.5.23-0jpp_18rh.noarch",
          "4AS-RHNSAT5.3:tomcat5-0:5.5.23-0jpp_18rh.src",
          "4AS-RHNSAT5.3:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch",
          "4AS-RHNSAT5.3:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch",
          "4AS-RHNSAT5.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch",
          "4AS-RHNSAT5.3:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch",
          "4AS-RHNSAT5.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-5515"
        },
        {
          "category": "external",
          "summary": "RHBZ#504753",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504753"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-5515",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-5515"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5515",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5515"
        }
      ],
      "release_date": "2009-06-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-11-30T15:16:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-RHNSAT5.2:tomcat5-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.2:tomcat5-0:5.5.23-0jpp_18rh.src",
            "4AS-RHNSAT5.2:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.2:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.2:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.3:tomcat5-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.3:tomcat5-0:5.5.23-0jpp_18rh.src",
            "4AS-RHNSAT5.3:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.3:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.3:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1616"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "tomcat request dispatcher information disclosure vulnerability"
    },
    {
      "cve": "CVE-2009-0033",
      "discovery_date": "2009-01-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "493381"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat6 Denial-Of-Service with AJP connection",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5.2:tomcat5-0:5.5.23-0jpp_18rh.noarch",
          "4AS-RHNSAT5.2:tomcat5-0:5.5.23-0jpp_18rh.src",
          "4AS-RHNSAT5.2:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch",
          "4AS-RHNSAT5.2:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch",
          "4AS-RHNSAT5.2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch",
          "4AS-RHNSAT5.2:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch",
          "4AS-RHNSAT5.2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch",
          "4AS-RHNSAT5.3:tomcat5-0:5.5.23-0jpp_18rh.noarch",
          "4AS-RHNSAT5.3:tomcat5-0:5.5.23-0jpp_18rh.src",
          "4AS-RHNSAT5.3:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch",
          "4AS-RHNSAT5.3:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch",
          "4AS-RHNSAT5.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch",
          "4AS-RHNSAT5.3:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch",
          "4AS-RHNSAT5.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-0033"
        },
        {
          "category": "external",
          "summary": "RHBZ#493381",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=493381"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0033",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-0033"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0033",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0033"
        }
      ],
      "release_date": "2009-06-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-11-30T15:16:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-RHNSAT5.2:tomcat5-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.2:tomcat5-0:5.5.23-0jpp_18rh.src",
            "4AS-RHNSAT5.2:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.2:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.2:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.3:tomcat5-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.3:tomcat5-0:5.5.23-0jpp_18rh.src",
            "4AS-RHNSAT5.3:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.3:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.3:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1616"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "products": [
            "4AS-RHNSAT5.2:tomcat5-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.2:tomcat5-0:5.5.23-0jpp_18rh.src",
            "4AS-RHNSAT5.2:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.2:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.2:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.3:tomcat5-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.3:tomcat5-0:5.5.23-0jpp_18rh.src",
            "4AS-RHNSAT5.3:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.3:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.3:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "tomcat6 Denial-Of-Service with AJP connection"
    },
    {
      "cve": "CVE-2009-0580",
      "discovery_date": "2009-06-03T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "503978"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat6 Information disclosure in authentication classes",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5.2:tomcat5-0:5.5.23-0jpp_18rh.noarch",
          "4AS-RHNSAT5.2:tomcat5-0:5.5.23-0jpp_18rh.src",
          "4AS-RHNSAT5.2:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch",
          "4AS-RHNSAT5.2:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch",
          "4AS-RHNSAT5.2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch",
          "4AS-RHNSAT5.2:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch",
          "4AS-RHNSAT5.2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch",
          "4AS-RHNSAT5.3:tomcat5-0:5.5.23-0jpp_18rh.noarch",
          "4AS-RHNSAT5.3:tomcat5-0:5.5.23-0jpp_18rh.src",
          "4AS-RHNSAT5.3:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch",
          "4AS-RHNSAT5.3:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch",
          "4AS-RHNSAT5.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch",
          "4AS-RHNSAT5.3:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch",
          "4AS-RHNSAT5.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-0580"
        },
        {
          "category": "external",
          "summary": "RHBZ#503978",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503978"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0580",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-0580"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0580",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0580"
        }
      ],
      "release_date": "2009-06-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-11-30T15:16:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-RHNSAT5.2:tomcat5-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.2:tomcat5-0:5.5.23-0jpp_18rh.src",
            "4AS-RHNSAT5.2:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.2:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.2:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.3:tomcat5-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.3:tomcat5-0:5.5.23-0jpp_18rh.src",
            "4AS-RHNSAT5.3:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.3:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.3:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1616"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "4AS-RHNSAT5.2:tomcat5-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.2:tomcat5-0:5.5.23-0jpp_18rh.src",
            "4AS-RHNSAT5.2:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.2:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.2:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.3:tomcat5-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.3:tomcat5-0:5.5.23-0jpp_18rh.src",
            "4AS-RHNSAT5.3:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.3:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.3:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat6 Information disclosure in authentication classes"
    },
    {
      "cve": "CVE-2009-0783",
      "discovery_date": "2009-06-04T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "504153"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat XML parser information disclosure",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5.2:tomcat5-0:5.5.23-0jpp_18rh.noarch",
          "4AS-RHNSAT5.2:tomcat5-0:5.5.23-0jpp_18rh.src",
          "4AS-RHNSAT5.2:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch",
          "4AS-RHNSAT5.2:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch",
          "4AS-RHNSAT5.2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch",
          "4AS-RHNSAT5.2:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch",
          "4AS-RHNSAT5.2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch",
          "4AS-RHNSAT5.3:tomcat5-0:5.5.23-0jpp_18rh.noarch",
          "4AS-RHNSAT5.3:tomcat5-0:5.5.23-0jpp_18rh.src",
          "4AS-RHNSAT5.3:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch",
          "4AS-RHNSAT5.3:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch",
          "4AS-RHNSAT5.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch",
          "4AS-RHNSAT5.3:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch",
          "4AS-RHNSAT5.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-0783"
        },
        {
          "category": "external",
          "summary": "RHBZ#504153",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504153"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0783",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-0783"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0783",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0783"
        }
      ],
      "release_date": "2009-06-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-11-30T15:16:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-RHNSAT5.2:tomcat5-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.2:tomcat5-0:5.5.23-0jpp_18rh.src",
            "4AS-RHNSAT5.2:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.2:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.2:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.3:tomcat5-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.3:tomcat5-0:5.5.23-0jpp_18rh.src",
            "4AS-RHNSAT5.3:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.3:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.3:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1616"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 1.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:M/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "4AS-RHNSAT5.2:tomcat5-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.2:tomcat5-0:5.5.23-0jpp_18rh.src",
            "4AS-RHNSAT5.2:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.2:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.2:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.3:tomcat5-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.3:tomcat5-0:5.5.23-0jpp_18rh.src",
            "4AS-RHNSAT5.3:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.3:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.3:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch",
            "4AS-RHNSAT5.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat XML parser information disclosure"
    }
  ]
}

RHSA-2009:1454

Vulnerability from csaf_redhat - Published: 2009-09-21 15:51 - Updated: 2025-11-21 17:35

Summary

Red Hat Security Advisory: tomcat5 security update

Notes

Topic

Updated tomcat5 packages that fix several security issues are now available for JBoss Enterprise Web Server 1.0.0 for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. [Updated 23 September 2009] This erratum has been updated to include replacement packages for JBoss Enterprise Web Server 1.0.0 for Red Hat Enterprise Linux 4. The original packages did not contain a fix for the low security impact issue CVE-2009-0783. The packages for JBoss Enterprise Web Server 1.0.0 for Red Hat Enterprise Linux 5 are unchanged as they included the fix for CVE-2009-0783.

Details

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. It was discovered that Tomcat does not properly handle a certain character and character sequence in cookie values. A remote attacker could use this flaw to obtain sensitive information, such as session IDs, and then use this information for session hijacking attacks. (CVE-2007-5333) Note: The fix for the CVE-2007-5333 flaw changes the default cookie processing behavior: With this update, version 0 cookies that contain values that must be quoted to be valid are automatically changed to version 1 cookies. To reactivate the previous, but insecure behavior, add the following entry to the "/etc/tomcat5/catalina.properties" file: org.apache.tomcat.util.http.ServerCookie.VERSION_SWITCH=false It was discovered that request dispatchers did not properly normalize user requests that have trailing query strings, allowing remote attackers to send specially-crafted requests that would cause an information leak. (CVE-2008-5515) A flaw was found in the way the Tomcat AJP (Apache JServ Protocol) connector processes AJP connections. An attacker could use this flaw to send specially-crafted requests that would cause a temporary denial of service. (CVE-2009-0033) It was discovered that the error checking methods of certain authentication classes did not have sufficient error checking, allowing remote attackers to enumerate (via brute force methods) usernames registered with applications running on Tomcat when FORM-based authentication was used. (CVE-2009-0580) It was discovered that web applications containing their own XML parsers could replace the XML parser Tomcat uses to parse configuration files. A malicious web application running on a Tomcat instance could read or, potentially, modify the configuration and XML-based data of other web applications deployed on the same Tomcat instance. (CVE-2009-0783) Users of Tomcat should upgrade to these updated packages, which contain backported patches to resolve these issues. Tomcat must be restarted for this update to take effect.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated tomcat5 packages that fix several security issues are now available\nfor JBoss Enterprise Web Server 1.0.0 for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having important security impact by the Red\nHat Security Response Team.\n\n[Updated 23 September 2009]\nThis erratum has been updated to include replacement packages for JBoss\nEnterprise Web Server 1.0.0 for Red Hat Enterprise Linux 4. The original\npackages did not contain a fix for the low security impact issue\nCVE-2009-0783. The packages for JBoss Enterprise Web Server 1.0.0 for Red\nHat Enterprise Linux 5 are unchanged as they included the fix for\nCVE-2009-0783.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nIt was discovered that Tomcat does not properly handle a certain character\nand character sequence in cookie values. A remote attacker could use this\nflaw to obtain sensitive information, such as session IDs, and then use\nthis information for session hijacking attacks. (CVE-2007-5333)\n\nNote: The fix for the CVE-2007-5333 flaw changes the default cookie\nprocessing behavior: With this update, version 0 cookies that contain\nvalues that must be quoted to be valid are automatically changed to version\n1 cookies. To reactivate the previous, but insecure behavior, add the\nfollowing entry to the \"/etc/tomcat5/catalina.properties\" file:\n\norg.apache.tomcat.util.http.ServerCookie.VERSION_SWITCH=false\n\nIt was discovered that request dispatchers did not properly normalize user\nrequests that have trailing query strings, allowing remote attackers to\nsend specially-crafted requests that would cause an information leak.\n(CVE-2008-5515)\n\nA flaw was found in the way the Tomcat AJP (Apache JServ Protocol)\nconnector processes AJP connections. An attacker could use this flaw to\nsend specially-crafted requests that would cause a temporary denial of\nservice. (CVE-2009-0033)\n\nIt was discovered that the error checking methods of certain authentication\nclasses did not have sufficient error checking, allowing remote attackers\nto enumerate (via brute force methods) usernames registered with\napplications running on Tomcat when FORM-based authentication was used.\n(CVE-2009-0580)\n\nIt was discovered that web applications containing their own XML parsers\ncould replace the XML parser Tomcat uses to parse configuration files. A\nmalicious web application running on a Tomcat instance could read or,\npotentially, modify the configuration and XML-based data of other web\napplications deployed on the same Tomcat instance. (CVE-2009-0783)\n\nUsers of Tomcat should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. Tomcat must be restarted for\nthis update to take effect.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2009:1454",
        "url": "https://access.redhat.com/errata/RHSA-2009:1454"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "http://tomcat.apache.org/security-5.html",
        "url": "http://tomcat.apache.org/security-5.html"
      },
      {
        "category": "external",
        "summary": "427766",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427766"
      },
      {
        "category": "external",
        "summary": "493381",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=493381"
      },
      {
        "category": "external",
        "summary": "503978",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503978"
      },
      {
        "category": "external",
        "summary": "504153",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504153"
      },
      {
        "category": "external",
        "summary": "504753",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504753"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_1454.json"
      }
    ],
    "title": "Red Hat Security Advisory: tomcat5 security update",
    "tracking": {
      "current_release_date": "2025-11-21T17:35:12+00:00",
      "generator": {
        "date": "2025-11-21T17:35:12+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2009:1454",
      "initial_release_date": "2009-09-21T15:51:00+00:00",
      "revision_history": [
        {
          "date": "2009-09-21T15:51:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2009-09-23T11:15:12+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T17:35:12+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server",
                "product": {
                  "name": "Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server",
                  "product_id": "5Server-JBEWS-5.0.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1::el5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
                "product": {
                  "name": "Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
                  "product_id": "4AS-JBEWS-5.0.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1::el4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
                "product": {
                  "name": "Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
                  "product_id": "4ES-JBEWS-5.0.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1::el4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss Web Server"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "tomcat5-webapps-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
                "product": {
                  "name": "tomcat5-webapps-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
                  "product_id": "tomcat5-webapps-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-webapps@5.5.23-0jpp.9.6.ep5.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
                "product": {
                  "name": "tomcat5-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
                  "product_id": "tomcat5-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp.9.6.ep5.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-jasper-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
                "product": {
                  "name": "tomcat5-jasper-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
                  "product_id": "tomcat5-jasper-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp.9.6.ep5.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-server-lib-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
                "product": {
                  "name": "tomcat5-server-lib-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
                  "product_id": "tomcat5-server-lib-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp.9.6.ep5.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
                "product": {
                  "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
                  "product_id": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp.9.6.ep5.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
                "product": {
                  "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
                  "product_id": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api-javadoc@5.5.23-0jpp.9.6.ep5.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
                "product": {
                  "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
                  "product_id": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp.9.6.ep5.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
                "product": {
                  "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
                  "product_id": "tomcat5-admin-webapps-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-admin-webapps@5.5.23-0jpp.9.6.ep5.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
                "product": {
                  "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
                  "product_id": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-jasper-javadoc@5.5.23-0jpp.9.6.ep5.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
                "product": {
                  "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
                  "product_id": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api-javadoc@5.5.23-0jpp.9.6.ep5.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-common-lib-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
                "product": {
                  "name": "tomcat5-common-lib-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
                  "product_id": "tomcat5-common-lib-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp.9.6.ep5.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-jasper-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
                "product": {
                  "name": "tomcat5-jasper-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
                  "product_id": "tomcat5-jasper-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-jasper-javadoc@5.5.23-1.patch07.19.ep5.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-jsp-2.0-api-0:5.5.23-1.patch07.19.ep5.el4.noarch",
                "product": {
                  "name": "tomcat5-jsp-2.0-api-0:5.5.23-1.patch07.19.ep5.el4.noarch",
                  "product_id": "tomcat5-jsp-2.0-api-0:5.5.23-1.patch07.19.ep5.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-1.patch07.19.ep5.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-common-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch",
                "product": {
                  "name": "tomcat5-common-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch",
                  "product_id": "tomcat5-common-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-1.patch07.19.ep5.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-0:5.5.23-1.patch07.19.ep5.el4.noarch",
                "product": {
                  "name": "tomcat5-0:5.5.23-1.patch07.19.ep5.el4.noarch",
                  "product_id": "tomcat5-0:5.5.23-1.patch07.19.ep5.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5@5.5.23-1.patch07.19.ep5.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
                "product": {
                  "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
                  "product_id": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api-javadoc@5.5.23-1.patch07.19.ep5.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
                "product": {
                  "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
                  "product_id": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api-javadoc@5.5.23-1.patch07.19.ep5.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-admin-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch",
                "product": {
                  "name": "tomcat5-admin-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch",
                  "product_id": "tomcat5-admin-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-admin-webapps@5.5.23-1.patch07.19.ep5.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-servlet-2.4-api-0:5.5.23-1.patch07.19.ep5.el4.noarch",
                "product": {
                  "name": "tomcat5-servlet-2.4-api-0:5.5.23-1.patch07.19.ep5.el4.noarch",
                  "product_id": "tomcat5-servlet-2.4-api-0:5.5.23-1.patch07.19.ep5.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-1.patch07.19.ep5.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-server-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch",
                "product": {
                  "name": "tomcat5-server-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch",
                  "product_id": "tomcat5-server-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-1.patch07.19.ep5.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch",
                "product": {
                  "name": "tomcat5-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch",
                  "product_id": "tomcat5-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-webapps@5.5.23-1.patch07.19.ep5.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-jasper-0:5.5.23-1.patch07.19.ep5.el4.noarch",
                "product": {
                  "name": "tomcat5-jasper-0:5.5.23-1.patch07.19.ep5.el4.noarch",
                  "product_id": "tomcat5-jasper-0:5.5.23-1.patch07.19.ep5.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-jasper@5.5.23-1.patch07.19.ep5.el4?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "tomcat5-0:5.5.23-0jpp.9.6.ep5.el5.src",
                "product": {
                  "name": "tomcat5-0:5.5.23-0jpp.9.6.ep5.el5.src",
                  "product_id": "tomcat5-0:5.5.23-0jpp.9.6.ep5.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp.9.6.ep5.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-0:5.5.23-1.patch07.19.ep5.el4.src",
                "product": {
                  "name": "tomcat5-0:5.5.23-1.patch07.19.ep5.el4.src",
                  "product_id": "tomcat5-0:5.5.23-1.patch07.19.ep5.el4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5@5.5.23-1.patch07.19.ep5.el4?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.5.23-1.patch07.19.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
          "product_id": "4AS-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.noarch"
        },
        "product_reference": "tomcat5-0:5.5.23-1.patch07.19.ep5.el4.noarch",
        "relates_to_product_reference": "4AS-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.5.23-1.patch07.19.ep5.el4.src as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
          "product_id": "4AS-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.src"
        },
        "product_reference": "tomcat5-0:5.5.23-1.patch07.19.ep5.el4.src",
        "relates_to_product_reference": "4AS-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-admin-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
          "product_id": "4AS-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch"
        },
        "product_reference": "tomcat5-admin-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch",
        "relates_to_product_reference": "4AS-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-common-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
          "product_id": "4AS-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch"
        },
        "product_reference": "tomcat5-common-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch",
        "relates_to_product_reference": "4AS-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-0:5.5.23-1.patch07.19.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
          "product_id": "4AS-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-1.patch07.19.ep5.el4.noarch"
        },
        "product_reference": "tomcat5-jasper-0:5.5.23-1.patch07.19.ep5.el4.noarch",
        "relates_to_product_reference": "4AS-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
          "product_id": "4AS-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch"
        },
        "product_reference": "tomcat5-jasper-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
        "relates_to_product_reference": "4AS-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-0:5.5.23-1.patch07.19.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
          "product_id": "4AS-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-1.patch07.19.ep5.el4.noarch"
        },
        "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-1.patch07.19.ep5.el4.noarch",
        "relates_to_product_reference": "4AS-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
          "product_id": "4AS-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch"
        },
        "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
        "relates_to_product_reference": "4AS-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-server-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
          "product_id": "4AS-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch"
        },
        "product_reference": "tomcat5-server-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch",
        "relates_to_product_reference": "4AS-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-0:5.5.23-1.patch07.19.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
          "product_id": "4AS-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-1.patch07.19.ep5.el4.noarch"
        },
        "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-1.patch07.19.ep5.el4.noarch",
        "relates_to_product_reference": "4AS-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
          "product_id": "4AS-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch"
        },
        "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
        "relates_to_product_reference": "4AS-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
          "product_id": "4AS-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch"
        },
        "product_reference": "tomcat5-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch",
        "relates_to_product_reference": "4AS-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.5.23-1.patch07.19.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
          "product_id": "4ES-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.noarch"
        },
        "product_reference": "tomcat5-0:5.5.23-1.patch07.19.ep5.el4.noarch",
        "relates_to_product_reference": "4ES-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.5.23-1.patch07.19.ep5.el4.src as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
          "product_id": "4ES-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.src"
        },
        "product_reference": "tomcat5-0:5.5.23-1.patch07.19.ep5.el4.src",
        "relates_to_product_reference": "4ES-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-admin-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
          "product_id": "4ES-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch"
        },
        "product_reference": "tomcat5-admin-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch",
        "relates_to_product_reference": "4ES-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-common-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
          "product_id": "4ES-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch"
        },
        "product_reference": "tomcat5-common-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch",
        "relates_to_product_reference": "4ES-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-0:5.5.23-1.patch07.19.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
          "product_id": "4ES-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-1.patch07.19.ep5.el4.noarch"
        },
        "product_reference": "tomcat5-jasper-0:5.5.23-1.patch07.19.ep5.el4.noarch",
        "relates_to_product_reference": "4ES-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
          "product_id": "4ES-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch"
        },
        "product_reference": "tomcat5-jasper-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
        "relates_to_product_reference": "4ES-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-0:5.5.23-1.patch07.19.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
          "product_id": "4ES-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-1.patch07.19.ep5.el4.noarch"
        },
        "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-1.patch07.19.ep5.el4.noarch",
        "relates_to_product_reference": "4ES-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
          "product_id": "4ES-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch"
        },
        "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
        "relates_to_product_reference": "4ES-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-server-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
          "product_id": "4ES-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch"
        },
        "product_reference": "tomcat5-server-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch",
        "relates_to_product_reference": "4ES-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-0:5.5.23-1.patch07.19.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
          "product_id": "4ES-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-1.patch07.19.ep5.el4.noarch"
        },
        "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-1.patch07.19.ep5.el4.noarch",
        "relates_to_product_reference": "4ES-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
          "product_id": "4ES-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch"
        },
        "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
        "relates_to_product_reference": "4ES-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
          "product_id": "4ES-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch"
        },
        "product_reference": "tomcat5-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch",
        "relates_to_product_reference": "4ES-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.5.23-0jpp.9.6.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server",
          "product_id": "5Server-JBEWS-5.0.0:tomcat5-0:5.5.23-0jpp.9.6.ep5.el5.noarch"
        },
        "product_reference": "tomcat5-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
        "relates_to_product_reference": "5Server-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.5.23-0jpp.9.6.ep5.el5.src as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server",
          "product_id": "5Server-JBEWS-5.0.0:tomcat5-0:5.5.23-0jpp.9.6.ep5.el5.src"
        },
        "product_reference": "tomcat5-0:5.5.23-0jpp.9.6.ep5.el5.src",
        "relates_to_product_reference": "5Server-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.9.6.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server",
          "product_id": "5Server-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-0jpp.9.6.ep5.el5.noarch"
        },
        "product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
        "relates_to_product_reference": "5Server-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-common-lib-0:5.5.23-0jpp.9.6.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server",
          "product_id": "5Server-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-0jpp.9.6.ep5.el5.noarch"
        },
        "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
        "relates_to_product_reference": "5Server-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-0:5.5.23-0jpp.9.6.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server",
          "product_id": "5Server-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-0jpp.9.6.ep5.el5.noarch"
        },
        "product_reference": "tomcat5-jasper-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
        "relates_to_product_reference": "5Server-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server",
          "product_id": "5Server-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch"
        },
        "product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
        "relates_to_product_reference": "5Server-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.9.6.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server",
          "product_id": "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.9.6.ep5.el5.noarch"
        },
        "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
        "relates_to_product_reference": "5Server-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server",
          "product_id": "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch"
        },
        "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
        "relates_to_product_reference": "5Server-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-server-lib-0:5.5.23-0jpp.9.6.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server",
          "product_id": "5Server-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-0jpp.9.6.ep5.el5.noarch"
        },
        "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
        "relates_to_product_reference": "5Server-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.9.6.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server",
          "product_id": "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.9.6.ep5.el5.noarch"
        },
        "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
        "relates_to_product_reference": "5Server-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server",
          "product_id": "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch"
        },
        "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
        "relates_to_product_reference": "5Server-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-webapps-0:5.5.23-0jpp.9.6.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server",
          "product_id": "5Server-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-0jpp.9.6.ep5.el5.noarch"
        },
        "product_reference": "tomcat5-webapps-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
        "relates_to_product_reference": "5Server-JBEWS-5.0.0"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2007-5333",
      "discovery_date": "2008-01-07T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "427766"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (\") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.  NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Improve cookie parsing for tomcat5",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-5333\n\nThe Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw.",
          "title": "Statement"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.src",
          "4AS-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.src",
          "4ES-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "5Server-JBEWS-5.0.0:tomcat5-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat5-0:5.5.23-0jpp.9.6.ep5.el5.src",
          "5Server-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-0jpp.9.6.ep5.el5.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-5333"
        },
        {
          "category": "external",
          "summary": "RHBZ#427766",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427766"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-5333",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-5333"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5333",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5333"
        }
      ],
      "release_date": "2008-02-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-09-21T15:51:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.src",
            "4AS-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.src",
            "4ES-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-0:5.5.23-0jpp.9.6.ep5.el5.src",
            "5Server-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-0jpp.9.6.ep5.el5.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1454"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "Improve cookie parsing for tomcat5"
    },
    {
      "cve": "CVE-2008-5515",
      "discovery_date": "2009-06-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "504753"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat request dispatcher information disclosure vulnerability",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.src",
          "4AS-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.src",
          "4ES-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "5Server-JBEWS-5.0.0:tomcat5-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat5-0:5.5.23-0jpp.9.6.ep5.el5.src",
          "5Server-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-0jpp.9.6.ep5.el5.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-5515"
        },
        {
          "category": "external",
          "summary": "RHBZ#504753",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504753"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-5515",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-5515"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5515",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5515"
        }
      ],
      "release_date": "2009-06-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-09-21T15:51:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.src",
            "4AS-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.src",
            "4ES-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-0:5.5.23-0jpp.9.6.ep5.el5.src",
            "5Server-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-0jpp.9.6.ep5.el5.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1454"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "tomcat request dispatcher information disclosure vulnerability"
    },
    {
      "cve": "CVE-2009-0033",
      "discovery_date": "2009-01-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "493381"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat6 Denial-Of-Service with AJP connection",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.src",
          "4AS-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.src",
          "4ES-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "5Server-JBEWS-5.0.0:tomcat5-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat5-0:5.5.23-0jpp.9.6.ep5.el5.src",
          "5Server-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-0jpp.9.6.ep5.el5.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-0033"
        },
        {
          "category": "external",
          "summary": "RHBZ#493381",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=493381"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0033",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-0033"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0033",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0033"
        }
      ],
      "release_date": "2009-06-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-09-21T15:51:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.src",
            "4AS-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.src",
            "4ES-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-0:5.5.23-0jpp.9.6.ep5.el5.src",
            "5Server-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-0jpp.9.6.ep5.el5.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1454"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "products": [
            "4AS-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.src",
            "4AS-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.src",
            "4ES-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-0:5.5.23-0jpp.9.6.ep5.el5.src",
            "5Server-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-0jpp.9.6.ep5.el5.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "tomcat6 Denial-Of-Service with AJP connection"
    },
    {
      "cve": "CVE-2009-0580",
      "discovery_date": "2009-06-03T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "503978"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat6 Information disclosure in authentication classes",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.src",
          "4AS-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.src",
          "4ES-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "5Server-JBEWS-5.0.0:tomcat5-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat5-0:5.5.23-0jpp.9.6.ep5.el5.src",
          "5Server-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-0jpp.9.6.ep5.el5.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-0580"
        },
        {
          "category": "external",
          "summary": "RHBZ#503978",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503978"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0580",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-0580"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0580",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0580"
        }
      ],
      "release_date": "2009-06-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-09-21T15:51:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.src",
            "4AS-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.src",
            "4ES-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-0:5.5.23-0jpp.9.6.ep5.el5.src",
            "5Server-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-0jpp.9.6.ep5.el5.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1454"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "4AS-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.src",
            "4AS-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.src",
            "4ES-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-0:5.5.23-0jpp.9.6.ep5.el5.src",
            "5Server-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-0jpp.9.6.ep5.el5.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat6 Information disclosure in authentication classes"
    },
    {
      "cve": "CVE-2009-0783",
      "discovery_date": "2009-06-04T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "504153"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat XML parser information disclosure",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.src",
          "4AS-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.src",
          "4ES-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch",
          "5Server-JBEWS-5.0.0:tomcat5-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat5-0:5.5.23-0jpp.9.6.ep5.el5.src",
          "5Server-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-0jpp.9.6.ep5.el5.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-0783"
        },
        {
          "category": "external",
          "summary": "RHBZ#504153",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504153"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0783",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-0783"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0783",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0783"
        }
      ],
      "release_date": "2009-06-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-09-21T15:51:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.src",
            "4AS-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.src",
            "4ES-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-0:5.5.23-0jpp.9.6.ep5.el5.src",
            "5Server-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-0jpp.9.6.ep5.el5.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1454"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 1.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:M/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "4AS-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.src",
            "4AS-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-0:5.5.23-1.patch07.19.ep5.el4.src",
            "4ES-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-1.patch07.19.ep5.el4.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-0:5.5.23-0jpp.9.6.ep5.el5.src",
            "5Server-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-jasper-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.9.6.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat5-webapps-0:5.5.23-0jpp.9.6.ep5.el5.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat XML parser information disclosure"
    }
  ]
}

RHSA-2009:1145

Vulnerability from csaf_redhat - Published: 2009-07-06 11:41 - Updated: 2025-11-21 17:34

Summary

Red Hat Security Advisory: JBoss Enterprise Application Platform 4.3.0.CP05 update

Notes

Topic

Updated JBoss Enterprise Application Platform (JBEAP) 4.3 packages that fix various issues are now available for Red Hat Enterprise Linux 5 as JBEAP 4.3.0.CP05. This update has been rated as having important security impact by the Red Hat Security Response Team.

Details

JBoss Enterprise Application Platform is the market leading platform for innovative and scalable Java applications; integrating the JBoss Application Server, with JBoss Hibernate and JBoss Seam into a complete, simple enterprise solution. This release of JBEAP for Red Hat Enterprise Linux 5 serves as a replacement to JBEAP 4.3.0.CP04. These updated packages include bug fixes and enhancements which are detailed in the release notes. The link to the release notes is available below in the References section of this errata. The following security issues are also fixed with this release: It was discovered that request dispatchers did not properly normalize user requests that have trailing query strings, allowing remote attackers to send specially-crafted requests that would cause an information leak. (CVE-2008-5515) It was discovered that the error checking methods of certain authentication classes did not have sufficient error checking, allowing remote attackers to enumerate (via brute force methods) usernames registered with applications deployed on JBossWeb when FORM-based authentication was used. (CVE-2009-0580) It was discovered that web applications containing their own XML parsers could replace the XML parser JBossWeb uses to parse configuration files. A malicious web application running on a JBossWeb instance could read or, potentially, modify the configuration and XML-based data of other web applications deployed on the same JBossWeb instance. (CVE-2009-0783) Warning: before applying this update, please back up the JBEAP "server/[configuration]/deploy/" directory, and any other customized configuration files. All users of JBEAP 4.3 on Red Hat Enterprise Linux 5 are advised to upgrade to these updated packages.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated JBoss Enterprise Application Platform (JBEAP) 4.3 packages that fix\nvarious issues are now available for Red Hat Enterprise Linux 5 as JBEAP\n4.3.0.CP05.\n\nThis update has been rated as having important security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "JBoss Enterprise Application Platform is the market leading platform for\ninnovative and scalable Java applications; integrating the JBoss\nApplication Server, with JBoss Hibernate and JBoss Seam into a complete,\nsimple enterprise solution.\n\nThis release of JBEAP for Red Hat Enterprise Linux 5 serves as a\nreplacement to JBEAP 4.3.0.CP04.\n\nThese updated packages include bug fixes and enhancements which are\ndetailed in the release notes. The link to the release notes is available\nbelow in the References section of this errata.\n\nThe following security issues are also fixed with this release:\n\nIt was discovered that request dispatchers did not properly normalize user\nrequests that have trailing query strings, allowing remote attackers to\nsend specially-crafted requests that would cause an information leak.\n(CVE-2008-5515)\n\nIt was discovered that the error checking methods of certain authentication\nclasses did not have sufficient error checking, allowing remote attackers\nto enumerate (via brute force methods) usernames registered with\napplications deployed on JBossWeb when FORM-based authentication was used.\n(CVE-2009-0580)\n\nIt was discovered that web applications containing their own XML parsers\ncould replace the XML parser JBossWeb uses to parse configuration files. A\nmalicious web application running on a JBossWeb instance could read or,\npotentially, modify the configuration and XML-based data of other web\napplications deployed on the same JBossWeb instance. (CVE-2009-0783)\n\nWarning: before applying this update, please back up the JBEAP\n\"server/[configuration]/deploy/\" directory, and any other customized\nconfiguration files.\n\nAll users of JBEAP 4.3 on Red Hat Enterprise Linux 5 are advised to upgrade\nto these updated packages.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2009:1145",
        "url": "https://access.redhat.com/errata/RHSA-2009:1145"
      },
      {
        "category": "external",
        "summary": "http://www.redhat.com/security/updates/classification/#important",
        "url": "http://www.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3.0.cp05/html-single/Release_Notes/index.html",
        "url": "http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3.0.cp05/html-single/Release_Notes/index.html"
      },
      {
        "category": "external",
        "summary": "499602",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=499602"
      },
      {
        "category": "external",
        "summary": "503978",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503978"
      },
      {
        "category": "external",
        "summary": "504153",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504153"
      },
      {
        "category": "external",
        "summary": "504753",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504753"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_1145.json"
      }
    ],
    "title": "Red Hat Security Advisory: JBoss Enterprise Application Platform 4.3.0.CP05 update",
    "tracking": {
      "current_release_date": "2025-11-21T17:34:51+00:00",
      "generator": {
        "date": "2025-11-21T17:34:51+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2009:1145",
      "initial_release_date": "2009-07-06T11:41:00+00:00",
      "revision_history": [
        {
          "date": "2009-07-06T11:41:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2009-07-06T07:41:01+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T17:34:51+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
                "product": {
                  "name": "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
                  "product_id": "5Server-JBEAP-4.3.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss Enterprise Application Platform"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "jakarta-slide-webdavclient-0:2.1-9.2.el5.src",
                "product": {
                  "name": "jakarta-slide-webdavclient-0:2.1-9.2.el5.src",
                  "product_id": "jakarta-slide-webdavclient-0:2.1-9.2.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jakarta-slide-webdavclient@2.1-9.2.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "glassfish-jaxb-0:2.1.4-1.11.1.ep1.el5.src",
                "product": {
                  "name": "glassfish-jaxb-0:2.1.4-1.11.1.ep1.el5.src",
                  "product_id": "glassfish-jaxb-0:2.1.4-1.11.1.ep1.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/glassfish-jaxb@2.1.4-1.11.1.ep1.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.src",
                "product": {
                  "name": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.src",
                  "product_id": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-cache@1.4.1-6.SP13.1.ep1.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el5.src",
                "product": {
                  "name": "jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el5.src",
                  "product_id": "jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossws-spi@1.0.0-1.GA_CP02.1.ep1.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jgroups-1:2.4.6-1.ep1.el5.src",
                "product": {
                  "name": "jgroups-1:2.4.6-1.ep1.el5.src",
                  "product_id": "jgroups-1:2.4.6-1.ep1.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jgroups@2.4.6-1.ep1.el5?arch=src\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el5.src",
                "product": {
                  "name": "jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el5.src",
                  "product_id": "jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossws-common@1.0.0-2.GA_CP04.1.ep1.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el5.src",
                "product": {
                  "name": "jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el5.src",
                  "product_id": "jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossws-framework@2.0.1-1.GA_CP04.2.ep1.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.src",
                "product": {
                  "name": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.src",
                  "product_id": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossts@4.2.3-1.SP5_CP05.1jpp.ep1.1.el5?arch=src\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.src",
                "product": {
                  "name": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.src",
                  "product_id": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossweb@2.0.0-6.CP11.0jpp.ep1.1.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossws-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.src",
                "product": {
                  "name": "jbossws-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.src",
                  "product_id": "jbossws-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossws@2.0.1-3.SP2_CP06.3.1.ep1.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el5.src",
                "product": {
                  "name": "jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el5.src",
                  "product_id": "jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-messaging@1.4.0-2.SP3_CP08.1.ep1.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.src",
                "product": {
                  "name": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.src",
                  "product_id": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3@3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5?arch=src\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-remoting-0:2.2.3-2.ep1.el5.src",
                "product": {
                  "name": "jboss-remoting-0:2.2.3-2.ep1.el5.src",
                  "product_id": "jboss-remoting-0:2.2.3-2.ep1.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-remoting@2.2.3-2.ep1.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.src",
                "product": {
                  "name": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.src",
                  "product_id": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3-commons-annotations@3.0.0-1jpp.ep1.5.2.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.src",
                "product": {
                  "name": "hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.src",
                  "product_id": "hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3-annotations@3.3.1-1.10.1GA_CP01.ep1.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.src",
                "product": {
                  "name": "hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.src",
                  "product_id": "hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3-entitymanager@3.3.2-2.4.1.ep1.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.src",
                "product": {
                  "name": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.src",
                  "product_id": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3-validator@3.0.0-1jpp.ep1.8.3.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.src",
                "product": {
                  "name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.src",
                  "product_id": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-seam@1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.1.el5.src",
                "product": {
                  "name": "rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.1.el5.src",
                  "product_id": "rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.1.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rh-eap-docs@4.3.0-5.GA_CP05.ep1.2.1.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossas-0:4.3.0-4.GA_CP05.6.1.ep1.el5.src",
                "product": {
                  "name": "jbossas-0:4.3.0-4.GA_CP05.6.1.ep1.el5.src",
                  "product_id": "jbossas-0:4.3.0-4.GA_CP05.6.1.ep1.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas@4.3.0-4.GA_CP05.6.1.ep1.el5?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "jakarta-slide-webdavclient-0:2.1-9.2.el5.noarch",
                "product": {
                  "name": "jakarta-slide-webdavclient-0:2.1-9.2.el5.noarch",
                  "product_id": "jakarta-slide-webdavclient-0:2.1-9.2.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jakarta-slide-webdavclient@2.1-9.2.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "glassfish-jaxb-javadoc-0:2.1.4-1.11.1.ep1.el5.noarch",
                "product": {
                  "name": "glassfish-jaxb-javadoc-0:2.1.4-1.11.1.ep1.el5.noarch",
                  "product_id": "glassfish-jaxb-javadoc-0:2.1.4-1.11.1.ep1.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/glassfish-jaxb-javadoc@2.1.4-1.11.1.ep1.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "glassfish-jaxb-0:2.1.4-1.11.1.ep1.el5.noarch",
                "product": {
                  "name": "glassfish-jaxb-0:2.1.4-1.11.1.ep1.el5.noarch",
                  "product_id": "glassfish-jaxb-0:2.1.4-1.11.1.ep1.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/glassfish-jaxb@2.1.4-1.11.1.ep1.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.noarch",
                "product": {
                  "name": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.noarch",
                  "product_id": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-cache@1.4.1-6.SP13.1.ep1.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el5.noarch",
                "product": {
                  "name": "jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el5.noarch",
                  "product_id": "jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossws-spi@1.0.0-1.GA_CP02.1.ep1.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jgroups-1:2.4.6-1.ep1.el5.noarch",
                "product": {
                  "name": "jgroups-1:2.4.6-1.ep1.el5.noarch",
                  "product_id": "jgroups-1:2.4.6-1.ep1.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jgroups@2.4.6-1.ep1.el5?arch=noarch\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el5.noarch",
                "product": {
                  "name": "jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el5.noarch",
                  "product_id": "jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossws-common@1.0.0-2.GA_CP04.1.ep1.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el5.noarch",
                "product": {
                  "name": "jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el5.noarch",
                  "product_id": "jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossws-framework@2.0.1-1.GA_CP04.2.ep1.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.noarch",
                "product": {
                  "name": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.noarch",
                  "product_id": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossts@4.2.3-1.SP5_CP05.1jpp.ep1.1.el5?arch=noarch\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.noarch",
                "product": {
                  "name": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.noarch",
                  "product_id": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossweb@2.0.0-6.CP11.0jpp.ep1.1.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossws-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.noarch",
                "product": {
                  "name": "jbossws-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.noarch",
                  "product_id": "jbossws-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossws@2.0.1-3.SP2_CP06.3.1.ep1.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossws-native42-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.noarch",
                "product": {
                  "name": "jbossws-native42-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.noarch",
                  "product_id": "jbossws-native42-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossws-native42@2.0.1-3.SP2_CP06.3.1.ep1.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el5.noarch",
                "product": {
                  "name": "jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el5.noarch",
                  "product_id": "jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-messaging@1.4.0-2.SP3_CP08.1.ep1.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch",
                "product": {
                  "name": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch",
                  "product_id": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3@3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5?arch=noarch\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch",
                "product": {
                  "name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch",
                  "product_id": "hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3-javadoc@3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5?arch=noarch\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-remoting-0:2.2.3-2.ep1.el5.noarch",
                "product": {
                  "name": "jboss-remoting-0:2.2.3-2.ep1.el5.noarch",
                  "product_id": "jboss-remoting-0:2.2.3-2.ep1.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-remoting@2.2.3-2.ep1.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.2.el5.noarch",
                "product": {
                  "name": "hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.2.el5.noarch",
                  "product_id": "hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.2.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3-commons-annotations-javadoc@3.0.0-1jpp.ep1.5.2.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.noarch",
                "product": {
                  "name": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.noarch",
                  "product_id": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3-commons-annotations@3.0.0-1jpp.ep1.5.2.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-annotations-javadoc-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch",
                "product": {
                  "name": "hibernate3-annotations-javadoc-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch",
                  "product_id": "hibernate3-annotations-javadoc-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3-annotations-javadoc@3.3.1-1.10.1GA_CP01.ep1.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch",
                "product": {
                  "name": "hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch",
                  "product_id": "hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3-annotations@3.3.1-1.10.1GA_CP01.ep1.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.noarch",
                "product": {
                  "name": "hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.noarch",
                  "product_id": "hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3-entitymanager@3.3.2-2.4.1.ep1.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-entitymanager-javadoc-0:3.3.2-2.4.1.ep1.el5.noarch",
                "product": {
                  "name": "hibernate3-entitymanager-javadoc-0:3.3.2-2.4.1.ep1.el5.noarch",
                  "product_id": "hibernate3-entitymanager-javadoc-0:3.3.2-2.4.1.ep1.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3-entitymanager-javadoc@3.3.2-2.4.1.ep1.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.noarch",
                "product": {
                  "name": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.noarch",
                  "product_id": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3-validator@3.0.0-1jpp.ep1.8.3.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.3.el5.noarch",
                "product": {
                  "name": "hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.3.el5.noarch",
                  "product_id": "hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.3.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3-validator-javadoc@3.0.0-1jpp.ep1.8.3.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.noarch",
                "product": {
                  "name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.noarch",
                  "product_id": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-seam@1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.noarch",
                "product": {
                  "name": "jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.noarch",
                  "product_id": "jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-seam-docs@1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rh-eap-docs-examples-0:4.3.0-5.GA_CP05.ep1.2.1.el5.noarch",
                "product": {
                  "name": "rh-eap-docs-examples-0:4.3.0-5.GA_CP05.ep1.2.1.el5.noarch",
                  "product_id": "rh-eap-docs-examples-0:4.3.0-5.GA_CP05.ep1.2.1.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rh-eap-docs-examples@4.3.0-5.GA_CP05.ep1.2.1.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.1.el5.noarch",
                "product": {
                  "name": "rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.1.el5.noarch",
                  "product_id": "rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.1.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rh-eap-docs@4.3.0-5.GA_CP05.ep1.2.1.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossas-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch",
                "product": {
                  "name": "jbossas-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch",
                  "product_id": "jbossas-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas@4.3.0-4.GA_CP05.6.1.ep1.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossas-client-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch",
                "product": {
                  "name": "jbossas-client-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch",
                  "product_id": "jbossas-client-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas-client@4.3.0-4.GA_CP05.6.1.ep1.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossas-4.3.0.GA_CP05-bin-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch",
                "product": {
                  "name": "jbossas-4.3.0.GA_CP05-bin-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch",
                  "product_id": "jbossas-4.3.0.GA_CP05-bin-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas-4.3.0.GA_CP05-bin@4.3.0-4.GA_CP05.6.1.ep1.el5?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glassfish-jaxb-0:2.1.4-1.11.1.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.1.ep1.el5.noarch"
        },
        "product_reference": "glassfish-jaxb-0:2.1.4-1.11.1.ep1.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glassfish-jaxb-0:2.1.4-1.11.1.ep1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.1.ep1.el5.src"
        },
        "product_reference": "glassfish-jaxb-0:2.1.4-1.11.1.ep1.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glassfish-jaxb-javadoc-0:2.1.4-1.11.1.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.3.0:glassfish-jaxb-javadoc-0:2.1.4-1.11.1.ep1.el5.noarch"
        },
        "product_reference": "glassfish-jaxb-javadoc-0:2.1.4-1.11.1.ep1.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch"
        },
        "product_reference": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.src"
        },
        "product_reference": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch"
        },
        "product_reference": "hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.src"
        },
        "product_reference": "hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-annotations-javadoc-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch"
        },
        "product_reference": "hibernate3-annotations-javadoc-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.noarch"
        },
        "product_reference": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.src"
        },
        "product_reference": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.2.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.3.0:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.2.el5.noarch"
        },
        "product_reference": "hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.2.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.noarch"
        },
        "product_reference": "hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.src"
        },
        "product_reference": "hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-entitymanager-javadoc-0:3.3.2-2.4.1.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.3.0:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.1.ep1.el5.noarch"
        },
        "product_reference": "hibernate3-entitymanager-javadoc-0:3.3.2-2.4.1.ep1.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch"
        },
        "product_reference": "hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.noarch"
        },
        "product_reference": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.src"
        },
        "product_reference": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.3.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.3.0:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.3.el5.noarch"
        },
        "product_reference": "hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.3.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jakarta-slide-webdavclient-0:2.1-9.2.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el5.noarch"
        },
        "product_reference": "jakarta-slide-webdavclient-0:2.1-9.2.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jakarta-slide-webdavclient-0:2.1-9.2.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el5.src"
        },
        "product_reference": "jakarta-slide-webdavclient-0:2.1-9.2.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.noarch"
        },
        "product_reference": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.src"
        },
        "product_reference": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el5.noarch"
        },
        "product_reference": "jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el5.src"
        },
        "product_reference": "jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-remoting-0:2.2.3-2.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el5.noarch"
        },
        "product_reference": "jboss-remoting-0:2.2.3-2.ep1.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-remoting-0:2.2.3-2.ep1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el5.src"
        },
        "product_reference": "jboss-remoting-0:2.2.3-2.ep1.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.noarch"
        },
        "product_reference": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.src"
        },
        "product_reference": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.src",
        "relates_to_product_reference": "5Server-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.noarch"
        },
        "product_reference": "jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch"
        },
        "product_reference": "jbossas-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-0:4.3.0-4.GA_CP05.6.1.ep1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.1.ep1.el5.src"
        },
        "product_reference": "jbossas-0:4.3.0-4.GA_CP05.6.1.ep1.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-4.3.0.GA_CP05-bin-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.3.0:jbossas-4.3.0.GA_CP05-bin-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch"
        },
        "product_reference": "jbossas-4.3.0.GA_CP05-bin-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-client-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.3.0:jbossas-client-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch"
        },
        "product_reference": "jbossas-client-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.noarch"
        },
        "product_reference": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.src"
        },
        "product_reference": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.noarch"
        },
        "product_reference": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.src"
        },
        "product_reference": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossws-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.noarch"
        },
        "product_reference": "jbossws-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossws-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.src"
        },
        "product_reference": "jbossws-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el5.noarch"
        },
        "product_reference": "jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el5.src"
        },
        "product_reference": "jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el5.noarch"
        },
        "product_reference": "jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el5.src"
        },
        "product_reference": "jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossws-native42-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.3.0:jbossws-native42-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.noarch"
        },
        "product_reference": "jbossws-native42-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el5.noarch"
        },
        "product_reference": "jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el5.src"
        },
        "product_reference": "jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jgroups-1:2.4.6-1.ep1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el5.noarch"
        },
        "product_reference": "jgroups-1:2.4.6-1.ep1.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jgroups-1:2.4.6-1.ep1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el5.src"
        },
        "product_reference": "jgroups-1:2.4.6-1.ep1.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.1.el5.noarch"
        },
        "product_reference": "rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.1.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.1.el5.src"
        },
        "product_reference": "rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.1.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-eap-docs-examples-0:4.3.0-5.GA_CP05.ep1.2.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-5.GA_CP05.ep1.2.1.el5.noarch"
        },
        "product_reference": "rh-eap-docs-examples-0:4.3.0-5.GA_CP05.ep1.2.1.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-4.3.0"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2008-5515",
      "discovery_date": "2009-06-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "504753"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat request dispatcher information disclosure vulnerability",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "5Server-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.1.ep1.el5.noarch",
          "5Server-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.1.ep1.el5.src",
          "5Server-JBEAP-4.3.0:glassfish-jaxb-javadoc-0:2.1.4-1.11.1.ep1.el5.noarch",
          "5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch",
          "5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.src",
          "5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch",
          "5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.src",
          "5Server-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch",
          "5Server-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.noarch",
          "5Server-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.src",
          "5Server-JBEAP-4.3.0:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.2.el5.noarch",
          "5Server-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.noarch",
          "5Server-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.src",
          "5Server-JBEAP-4.3.0:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.1.ep1.el5.noarch",
          "5Server-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch",
          "5Server-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.noarch",
          "5Server-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.src",
          "5Server-JBEAP-4.3.0:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.3.el5.noarch",
          "5Server-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el5.noarch",
          "5Server-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el5.src",
          "5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.noarch",
          "5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.src",
          "5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el5.noarch",
          "5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el5.src",
          "5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el5.noarch",
          "5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el5.src",
          "5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.noarch",
          "5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.src",
          "5Server-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.noarch",
          "5Server-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch",
          "5Server-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.1.ep1.el5.src",
          "5Server-JBEAP-4.3.0:jbossas-4.3.0.GA_CP05-bin-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch",
          "5Server-JBEAP-4.3.0:jbossas-client-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch",
          "5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.noarch",
          "5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.src",
          "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.noarch",
          "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.src",
          "5Server-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.noarch",
          "5Server-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.src",
          "5Server-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el5.noarch",
          "5Server-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el5.src",
          "5Server-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el5.noarch",
          "5Server-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el5.src",
          "5Server-JBEAP-4.3.0:jbossws-native42-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.noarch",
          "5Server-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el5.noarch",
          "5Server-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el5.src",
          "5Server-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el5.noarch",
          "5Server-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el5.src",
          "5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.1.el5.noarch",
          "5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.1.el5.src",
          "5Server-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-5.GA_CP05.ep1.2.1.el5.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-5515"
        },
        {
          "category": "external",
          "summary": "RHBZ#504753",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504753"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-5515",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-5515"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5515",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5515"
        }
      ],
      "release_date": "2009-06-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-07-06T11:41:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Server-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.1.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.1.ep1.el5.src",
            "5Server-JBEAP-4.3.0:glassfish-jaxb-javadoc-0:2.1.4-1.11.1.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch",
            "5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.src",
            "5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.src",
            "5Server-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.noarch",
            "5Server-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.src",
            "5Server-JBEAP-4.3.0:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.2.el5.noarch",
            "5Server-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.src",
            "5Server-JBEAP-4.3.0:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.1.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch",
            "5Server-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.noarch",
            "5Server-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.src",
            "5Server-JBEAP-4.3.0:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.3.el5.noarch",
            "5Server-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el5.noarch",
            "5Server-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el5.src",
            "5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.src",
            "5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el5.src",
            "5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el5.src",
            "5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.noarch",
            "5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.src",
            "5Server-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.noarch",
            "5Server-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.1.ep1.el5.src",
            "5Server-JBEAP-4.3.0:jbossas-4.3.0.GA_CP05-bin-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:jbossas-client-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.noarch",
            "5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.src",
            "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.noarch",
            "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.src",
            "5Server-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.src",
            "5Server-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el5.src",
            "5Server-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el5.src",
            "5Server-JBEAP-4.3.0:jbossws-native42-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el5.src",
            "5Server-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el5.src",
            "5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.1.el5.noarch",
            "5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.1.el5.src",
            "5Server-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-5.GA_CP05.ep1.2.1.el5.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1145"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "tomcat request dispatcher information disclosure vulnerability"
    },
    {
      "cve": "CVE-2009-0580",
      "discovery_date": "2009-06-03T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "503978"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat6 Information disclosure in authentication classes",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Server-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.1.ep1.el5.noarch",
          "5Server-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.1.ep1.el5.src",
          "5Server-JBEAP-4.3.0:glassfish-jaxb-javadoc-0:2.1.4-1.11.1.ep1.el5.noarch",
          "5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch",
          "5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.src",
          "5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch",
          "5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.src",
          "5Server-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch",
          "5Server-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.noarch",
          "5Server-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.src",
          "5Server-JBEAP-4.3.0:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.2.el5.noarch",
          "5Server-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.noarch",
          "5Server-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.src",
          "5Server-JBEAP-4.3.0:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.1.ep1.el5.noarch",
          "5Server-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch",
          "5Server-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.noarch",
          "5Server-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.src",
          "5Server-JBEAP-4.3.0:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.3.el5.noarch",
          "5Server-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el5.noarch",
          "5Server-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el5.src",
          "5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.noarch",
          "5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.src",
          "5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el5.noarch",
          "5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el5.src",
          "5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el5.noarch",
          "5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el5.src",
          "5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.noarch",
          "5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.src",
          "5Server-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.noarch",
          "5Server-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch",
          "5Server-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.1.ep1.el5.src",
          "5Server-JBEAP-4.3.0:jbossas-4.3.0.GA_CP05-bin-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch",
          "5Server-JBEAP-4.3.0:jbossas-client-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch",
          "5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.noarch",
          "5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.src",
          "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.noarch",
          "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.src",
          "5Server-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.noarch",
          "5Server-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.src",
          "5Server-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el5.noarch",
          "5Server-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el5.src",
          "5Server-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el5.noarch",
          "5Server-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el5.src",
          "5Server-JBEAP-4.3.0:jbossws-native42-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.noarch",
          "5Server-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el5.noarch",
          "5Server-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el5.src",
          "5Server-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el5.noarch",
          "5Server-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el5.src",
          "5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.1.el5.noarch",
          "5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.1.el5.src",
          "5Server-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-5.GA_CP05.ep1.2.1.el5.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-0580"
        },
        {
          "category": "external",
          "summary": "RHBZ#503978",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503978"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0580",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-0580"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0580",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0580"
        }
      ],
      "release_date": "2009-06-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-07-06T11:41:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Server-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.1.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.1.ep1.el5.src",
            "5Server-JBEAP-4.3.0:glassfish-jaxb-javadoc-0:2.1.4-1.11.1.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch",
            "5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.src",
            "5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.src",
            "5Server-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.noarch",
            "5Server-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.src",
            "5Server-JBEAP-4.3.0:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.2.el5.noarch",
            "5Server-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.src",
            "5Server-JBEAP-4.3.0:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.1.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch",
            "5Server-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.noarch",
            "5Server-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.src",
            "5Server-JBEAP-4.3.0:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.3.el5.noarch",
            "5Server-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el5.noarch",
            "5Server-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el5.src",
            "5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.src",
            "5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el5.src",
            "5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el5.src",
            "5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.noarch",
            "5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.src",
            "5Server-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.noarch",
            "5Server-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.1.ep1.el5.src",
            "5Server-JBEAP-4.3.0:jbossas-4.3.0.GA_CP05-bin-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:jbossas-client-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.noarch",
            "5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.src",
            "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.noarch",
            "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.src",
            "5Server-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.src",
            "5Server-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el5.src",
            "5Server-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el5.src",
            "5Server-JBEAP-4.3.0:jbossws-native42-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el5.src",
            "5Server-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el5.src",
            "5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.1.el5.noarch",
            "5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.1.el5.src",
            "5Server-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-5.GA_CP05.ep1.2.1.el5.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1145"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "5Server-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.1.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.1.ep1.el5.src",
            "5Server-JBEAP-4.3.0:glassfish-jaxb-javadoc-0:2.1.4-1.11.1.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch",
            "5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.src",
            "5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.src",
            "5Server-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.noarch",
            "5Server-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.src",
            "5Server-JBEAP-4.3.0:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.2.el5.noarch",
            "5Server-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.src",
            "5Server-JBEAP-4.3.0:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.1.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch",
            "5Server-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.noarch",
            "5Server-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.src",
            "5Server-JBEAP-4.3.0:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.3.el5.noarch",
            "5Server-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el5.noarch",
            "5Server-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el5.src",
            "5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.src",
            "5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el5.src",
            "5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el5.src",
            "5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.noarch",
            "5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.src",
            "5Server-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.noarch",
            "5Server-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.1.ep1.el5.src",
            "5Server-JBEAP-4.3.0:jbossas-4.3.0.GA_CP05-bin-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:jbossas-client-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.noarch",
            "5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.src",
            "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.noarch",
            "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.src",
            "5Server-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.src",
            "5Server-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el5.src",
            "5Server-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el5.src",
            "5Server-JBEAP-4.3.0:jbossws-native42-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el5.src",
            "5Server-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el5.src",
            "5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.1.el5.noarch",
            "5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.1.el5.src",
            "5Server-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-5.GA_CP05.ep1.2.1.el5.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat6 Information disclosure in authentication classes"
    },
    {
      "cve": "CVE-2009-0783",
      "discovery_date": "2009-06-04T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "504153"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat XML parser information disclosure",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Server-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.1.ep1.el5.noarch",
          "5Server-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.1.ep1.el5.src",
          "5Server-JBEAP-4.3.0:glassfish-jaxb-javadoc-0:2.1.4-1.11.1.ep1.el5.noarch",
          "5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch",
          "5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.src",
          "5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch",
          "5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.src",
          "5Server-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch",
          "5Server-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.noarch",
          "5Server-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.src",
          "5Server-JBEAP-4.3.0:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.2.el5.noarch",
          "5Server-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.noarch",
          "5Server-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.src",
          "5Server-JBEAP-4.3.0:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.1.ep1.el5.noarch",
          "5Server-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch",
          "5Server-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.noarch",
          "5Server-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.src",
          "5Server-JBEAP-4.3.0:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.3.el5.noarch",
          "5Server-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el5.noarch",
          "5Server-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el5.src",
          "5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.noarch",
          "5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.src",
          "5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el5.noarch",
          "5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el5.src",
          "5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el5.noarch",
          "5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el5.src",
          "5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.noarch",
          "5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.src",
          "5Server-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.noarch",
          "5Server-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch",
          "5Server-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.1.ep1.el5.src",
          "5Server-JBEAP-4.3.0:jbossas-4.3.0.GA_CP05-bin-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch",
          "5Server-JBEAP-4.3.0:jbossas-client-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch",
          "5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.noarch",
          "5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.src",
          "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.noarch",
          "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.src",
          "5Server-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.noarch",
          "5Server-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.src",
          "5Server-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el5.noarch",
          "5Server-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el5.src",
          "5Server-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el5.noarch",
          "5Server-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el5.src",
          "5Server-JBEAP-4.3.0:jbossws-native42-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.noarch",
          "5Server-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el5.noarch",
          "5Server-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el5.src",
          "5Server-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el5.noarch",
          "5Server-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el5.src",
          "5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.1.el5.noarch",
          "5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.1.el5.src",
          "5Server-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-5.GA_CP05.ep1.2.1.el5.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-0783"
        },
        {
          "category": "external",
          "summary": "RHBZ#504153",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504153"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0783",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-0783"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0783",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0783"
        }
      ],
      "release_date": "2009-06-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-07-06T11:41:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Server-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.1.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.1.ep1.el5.src",
            "5Server-JBEAP-4.3.0:glassfish-jaxb-javadoc-0:2.1.4-1.11.1.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch",
            "5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.src",
            "5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.src",
            "5Server-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.noarch",
            "5Server-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.src",
            "5Server-JBEAP-4.3.0:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.2.el5.noarch",
            "5Server-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.src",
            "5Server-JBEAP-4.3.0:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.1.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch",
            "5Server-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.noarch",
            "5Server-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.src",
            "5Server-JBEAP-4.3.0:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.3.el5.noarch",
            "5Server-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el5.noarch",
            "5Server-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el5.src",
            "5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.src",
            "5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el5.src",
            "5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el5.src",
            "5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.noarch",
            "5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.src",
            "5Server-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.noarch",
            "5Server-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.1.ep1.el5.src",
            "5Server-JBEAP-4.3.0:jbossas-4.3.0.GA_CP05-bin-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:jbossas-client-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.noarch",
            "5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.src",
            "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.noarch",
            "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.src",
            "5Server-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.src",
            "5Server-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el5.src",
            "5Server-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el5.src",
            "5Server-JBEAP-4.3.0:jbossws-native42-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el5.src",
            "5Server-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el5.src",
            "5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.1.el5.noarch",
            "5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.1.el5.src",
            "5Server-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-5.GA_CP05.ep1.2.1.el5.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1145"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 1.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:M/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "5Server-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.1.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.1.ep1.el5.src",
            "5Server-JBEAP-4.3.0:glassfish-jaxb-javadoc-0:2.1.4-1.11.1.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch",
            "5Server-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.src",
            "5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5.src",
            "5Server-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.10.1GA_CP01.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.noarch",
            "5Server-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5.src",
            "5Server-JBEAP-4.3.0:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.2.el5.noarch",
            "5Server-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5.src",
            "5Server-JBEAP-4.3.0:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.1.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5.noarch",
            "5Server-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.noarch",
            "5Server-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5.src",
            "5Server-JBEAP-4.3.0:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.3.el5.noarch",
            "5Server-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el5.noarch",
            "5Server-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el5.src",
            "5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el5.src",
            "5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el5.src",
            "5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el5.src",
            "5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.noarch",
            "5Server-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.src",
            "5Server-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1.noarch",
            "5Server-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.1.ep1.el5.src",
            "5Server-JBEAP-4.3.0:jbossas-4.3.0.GA_CP05-bin-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:jbossas-client-0:4.3.0-4.GA_CP05.6.1.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.noarch",
            "5Server-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5.src",
            "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.noarch",
            "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5.src",
            "5Server-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.src",
            "5Server-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el5.src",
            "5Server-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el5.src",
            "5Server-JBEAP-4.3.0:jbossws-native42-0:2.0.1-3.SP2_CP06.3.1.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el5.src",
            "5Server-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el5.noarch",
            "5Server-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el5.src",
            "5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.1.el5.noarch",
            "5Server-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.1.el5.src",
            "5Server-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-5.GA_CP05.ep1.2.1.el5.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat XML parser information disclosure"
    }
  ]
}

RHSA-2009:1563

Vulnerability from csaf_redhat - Published: 2009-11-09 15:37 - Updated: 2025-11-21 17:35

Summary

Red Hat Security Advisory: tomcat security update

Notes

Topic

Updated tomcat packages that fix several security issues are now available for Red Hat Developer Suite 3. This update has been rated as having important security impact by the Red Hat Security Response Team.

Details

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. It was discovered that the Red Hat Security Advisory RHSA-2008:0195 did not address all possible flaws in the way Tomcat handles certain characters and character sequences in cookie values. A remote attacker could use this flaw to obtain sensitive information, such as session IDs, and then use this information for session hijacking attacks. (CVE-2007-5333) Note: The fix for the CVE-2007-5333 flaw changes the default cookie processing behavior: With this update, version 0 cookies that contain values that must be quoted to be valid are automatically changed to version 1 cookies. To reactivate the previous, but insecure behavior, add the following entry to the "/etc/tomcat5/catalina.properties" file: org.apache.tomcat.util.http.ServerCookie.VERSION_SWITCH=false It was discovered that request dispatchers did not properly normalize user requests that have trailing query strings, allowing remote attackers to send specially-crafted requests that would cause an information leak. (CVE-2008-5515) A flaw was found in the way the Tomcat AJP (Apache JServ Protocol) connector processes AJP connections. An attacker could use this flaw to send specially-crafted requests that would cause a temporary denial of service. (CVE-2009-0033) It was discovered that the error checking methods of certain authentication classes did not have sufficient error checking, allowing remote attackers to enumerate (via brute force methods) usernames registered with applications running on Tomcat when FORM-based authentication was used. (CVE-2009-0580) It was discovered that web applications containing their own XML parsers could replace the XML parser Tomcat uses to parse configuration files. A malicious web application running on a Tomcat instance could read or, potentially, modify the configuration and XML-based data of other web applications deployed on the same Tomcat instance. (CVE-2009-0783) Users of Tomcat should upgrade to these updated packages, which contain backported patches to resolve these issues. Tomcat must be restarted for this update to take effect.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated tomcat packages that fix several security issues are now available\nfor Red Hat Developer Suite 3.\n\nThis update has been rated as having important security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nIt was discovered that the Red Hat Security Advisory RHSA-2008:0195 did not\naddress all possible flaws in the way Tomcat handles certain characters and\ncharacter sequences in cookie values. A remote attacker could use this flaw\nto obtain sensitive information, such as session IDs, and then use this\ninformation for session hijacking attacks. (CVE-2007-5333)\n\nNote: The fix for the CVE-2007-5333 flaw changes the default cookie\nprocessing behavior: With this update, version 0 cookies that contain\nvalues that must be quoted to be valid are automatically changed to version\n1 cookies. To reactivate the previous, but insecure behavior, add the\nfollowing entry to the \"/etc/tomcat5/catalina.properties\" file:\n\norg.apache.tomcat.util.http.ServerCookie.VERSION_SWITCH=false\n\nIt was discovered that request dispatchers did not properly normalize user\nrequests that have trailing query strings, allowing remote attackers to\nsend specially-crafted requests that would cause an information leak.\n(CVE-2008-5515)\n\nA flaw was found in the way the Tomcat AJP (Apache JServ Protocol)\nconnector processes AJP connections. An attacker could use this flaw to\nsend specially-crafted requests that would cause a temporary denial of\nservice. (CVE-2009-0033)\n\nIt was discovered that the error checking methods of certain authentication\nclasses did not have sufficient error checking, allowing remote attackers\nto enumerate (via brute force methods) usernames registered with\napplications running on Tomcat when FORM-based authentication was used.\n(CVE-2009-0580)\n\nIt was discovered that web applications containing their own XML parsers\ncould replace the XML parser Tomcat uses to parse configuration files. A\nmalicious web application running on a Tomcat instance could read or,\npotentially, modify the configuration and XML-based data of other web\napplications deployed on the same Tomcat instance. (CVE-2009-0783)\n\nUsers of Tomcat should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. Tomcat must be restarted for\nthis update to take effect.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2009:1563",
        "url": "https://access.redhat.com/errata/RHSA-2009:1563"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "427766",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427766"
      },
      {
        "category": "external",
        "summary": "493381",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=493381"
      },
      {
        "category": "external",
        "summary": "503978",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503978"
      },
      {
        "category": "external",
        "summary": "504153",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504153"
      },
      {
        "category": "external",
        "summary": "http://tomcat.apache.org/security-5.html",
        "url": "http://tomcat.apache.org/security-5.html"
      },
      {
        "category": "external",
        "summary": "504753",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504753"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_1563.json"
      }
    ],
    "title": "Red Hat Security Advisory: tomcat security update",
    "tracking": {
      "current_release_date": "2025-11-21T17:35:26+00:00",
      "generator": {
        "date": "2025-11-21T17:35:26+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2009:1563",
      "initial_release_date": "2009-11-09T15:37:00+00:00",
      "revision_history": [
        {
          "date": "2009-11-09T15:37:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2009-11-09T10:37:31+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T17:35:26+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Developer Suite v.3 (AS v.4)",
                "product": {
                  "name": "Red Hat Developer Suite v.3 (AS v.4)",
                  "product_id": "4AS-DS3",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_developer_suite:3"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Developer Suite v.3"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch",
                "product": {
                  "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch",
                  "product_id": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp_18rh?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch",
                "product": {
                  "name": "tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch",
                  "product_id": "tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp_18rh?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch",
                "product": {
                  "name": "tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch",
                  "product_id": "tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp_18rh?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-0:5.5.23-0jpp_18rh.noarch",
                "product": {
                  "name": "tomcat5-0:5.5.23-0jpp_18rh.noarch",
                  "product_id": "tomcat5-0:5.5.23-0jpp_18rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp_18rh?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch",
                "product": {
                  "name": "tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch",
                  "product_id": "tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp_18rh?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch",
                "product": {
                  "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch",
                  "product_id": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp_18rh?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "tomcat5-0:5.5.23-0jpp_18rh.src",
                "product": {
                  "name": "tomcat5-0:5.5.23-0jpp_18rh.src",
                  "product_id": "tomcat5-0:5.5.23-0jpp_18rh.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp_18rh?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.5.23-0jpp_18rh.noarch as a component of Red Hat Developer Suite v.3 (AS v.4)",
          "product_id": "4AS-DS3:tomcat5-0:5.5.23-0jpp_18rh.noarch"
        },
        "product_reference": "tomcat5-0:5.5.23-0jpp_18rh.noarch",
        "relates_to_product_reference": "4AS-DS3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.5.23-0jpp_18rh.src as a component of Red Hat Developer Suite v.3 (AS v.4)",
          "product_id": "4AS-DS3:tomcat5-0:5.5.23-0jpp_18rh.src"
        },
        "product_reference": "tomcat5-0:5.5.23-0jpp_18rh.src",
        "relates_to_product_reference": "4AS-DS3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch as a component of Red Hat Developer Suite v.3 (AS v.4)",
          "product_id": "4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch"
        },
        "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch",
        "relates_to_product_reference": "4AS-DS3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch as a component of Red Hat Developer Suite v.3 (AS v.4)",
          "product_id": "4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch"
        },
        "product_reference": "tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch",
        "relates_to_product_reference": "4AS-DS3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch as a component of Red Hat Developer Suite v.3 (AS v.4)",
          "product_id": "4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch"
        },
        "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch",
        "relates_to_product_reference": "4AS-DS3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch as a component of Red Hat Developer Suite v.3 (AS v.4)",
          "product_id": "4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch"
        },
        "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch",
        "relates_to_product_reference": "4AS-DS3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch as a component of Red Hat Developer Suite v.3 (AS v.4)",
          "product_id": "4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch"
        },
        "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch",
        "relates_to_product_reference": "4AS-DS3"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2007-5333",
      "discovery_date": "2008-01-07T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "427766"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (\") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.  NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Improve cookie parsing for tomcat5",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-5333\n\nThe Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw.",
          "title": "Statement"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-DS3:tomcat5-0:5.5.23-0jpp_18rh.noarch",
          "4AS-DS3:tomcat5-0:5.5.23-0jpp_18rh.src",
          "4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch",
          "4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch",
          "4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch",
          "4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch",
          "4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-5333"
        },
        {
          "category": "external",
          "summary": "RHBZ#427766",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427766"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-5333",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-5333"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5333",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5333"
        }
      ],
      "release_date": "2008-02-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-11-09T15:37:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-DS3:tomcat5-0:5.5.23-0jpp_18rh.noarch",
            "4AS-DS3:tomcat5-0:5.5.23-0jpp_18rh.src",
            "4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch",
            "4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch",
            "4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch",
            "4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch",
            "4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1563"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "Improve cookie parsing for tomcat5"
    },
    {
      "cve": "CVE-2008-5515",
      "discovery_date": "2009-06-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "504753"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat request dispatcher information disclosure vulnerability",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-DS3:tomcat5-0:5.5.23-0jpp_18rh.noarch",
          "4AS-DS3:tomcat5-0:5.5.23-0jpp_18rh.src",
          "4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch",
          "4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch",
          "4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch",
          "4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch",
          "4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-5515"
        },
        {
          "category": "external",
          "summary": "RHBZ#504753",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504753"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-5515",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-5515"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5515",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5515"
        }
      ],
      "release_date": "2009-06-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-11-09T15:37:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-DS3:tomcat5-0:5.5.23-0jpp_18rh.noarch",
            "4AS-DS3:tomcat5-0:5.5.23-0jpp_18rh.src",
            "4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch",
            "4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch",
            "4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch",
            "4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch",
            "4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1563"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "tomcat request dispatcher information disclosure vulnerability"
    },
    {
      "cve": "CVE-2009-0033",
      "discovery_date": "2009-01-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "493381"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat6 Denial-Of-Service with AJP connection",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-DS3:tomcat5-0:5.5.23-0jpp_18rh.noarch",
          "4AS-DS3:tomcat5-0:5.5.23-0jpp_18rh.src",
          "4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch",
          "4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch",
          "4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch",
          "4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch",
          "4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-0033"
        },
        {
          "category": "external",
          "summary": "RHBZ#493381",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=493381"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0033",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-0033"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0033",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0033"
        }
      ],
      "release_date": "2009-06-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-11-09T15:37:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-DS3:tomcat5-0:5.5.23-0jpp_18rh.noarch",
            "4AS-DS3:tomcat5-0:5.5.23-0jpp_18rh.src",
            "4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch",
            "4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch",
            "4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch",
            "4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch",
            "4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1563"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "products": [
            "4AS-DS3:tomcat5-0:5.5.23-0jpp_18rh.noarch",
            "4AS-DS3:tomcat5-0:5.5.23-0jpp_18rh.src",
            "4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch",
            "4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch",
            "4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch",
            "4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch",
            "4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "tomcat6 Denial-Of-Service with AJP connection"
    },
    {
      "cve": "CVE-2009-0580",
      "discovery_date": "2009-06-03T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "503978"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat6 Information disclosure in authentication classes",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-DS3:tomcat5-0:5.5.23-0jpp_18rh.noarch",
          "4AS-DS3:tomcat5-0:5.5.23-0jpp_18rh.src",
          "4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch",
          "4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch",
          "4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch",
          "4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch",
          "4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-0580"
        },
        {
          "category": "external",
          "summary": "RHBZ#503978",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503978"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0580",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-0580"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0580",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0580"
        }
      ],
      "release_date": "2009-06-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-11-09T15:37:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-DS3:tomcat5-0:5.5.23-0jpp_18rh.noarch",
            "4AS-DS3:tomcat5-0:5.5.23-0jpp_18rh.src",
            "4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch",
            "4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch",
            "4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch",
            "4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch",
            "4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1563"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "4AS-DS3:tomcat5-0:5.5.23-0jpp_18rh.noarch",
            "4AS-DS3:tomcat5-0:5.5.23-0jpp_18rh.src",
            "4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch",
            "4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch",
            "4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch",
            "4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch",
            "4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat6 Information disclosure in authentication classes"
    },
    {
      "cve": "CVE-2009-0783",
      "discovery_date": "2009-06-04T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "504153"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat XML parser information disclosure",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-DS3:tomcat5-0:5.5.23-0jpp_18rh.noarch",
          "4AS-DS3:tomcat5-0:5.5.23-0jpp_18rh.src",
          "4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch",
          "4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch",
          "4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch",
          "4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch",
          "4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-0783"
        },
        {
          "category": "external",
          "summary": "RHBZ#504153",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504153"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0783",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-0783"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0783",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0783"
        }
      ],
      "release_date": "2009-06-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-11-09T15:37:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-DS3:tomcat5-0:5.5.23-0jpp_18rh.noarch",
            "4AS-DS3:tomcat5-0:5.5.23-0jpp_18rh.src",
            "4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch",
            "4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch",
            "4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch",
            "4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch",
            "4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1563"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 1.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:M/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "4AS-DS3:tomcat5-0:5.5.23-0jpp_18rh.noarch",
            "4AS-DS3:tomcat5-0:5.5.23-0jpp_18rh.src",
            "4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_18rh.noarch",
            "4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_18rh.noarch",
            "4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_18rh.noarch",
            "4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_18rh.noarch",
            "4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_18rh.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat XML parser information disclosure"
    }
  ]
}

RHSA-2009:1146

Vulnerability from csaf_redhat - Published: 2009-07-06 11:41 - Updated: 2025-11-21 17:34

Summary

Red Hat Security Advisory: JBoss Enterprise Application Platform 4.3.0.CP05 update

Notes

Topic

Updated JBoss Enterprise Application Platform (JBEAP) 4.3 packages that fix various issues are now available for Red Hat Enterprise Linux 4 as JBEAP 4.3.0.CP05. This update has been rated as having important security impact by the Red Hat Security Response Team.

Details

JBoss Enterprise Application Platform is the market leading platform for innovative and scalable Java applications; integrating the JBoss Application Server, with JBoss Hibernate and JBoss Seam into a complete, simple enterprise solution. This release of JBEAP for Red Hat Enterprise Linux 4 serves as a replacement to JBEAP 4.3.0.CP04. These updated packages include bug fixes and enhancements which are detailed in the release notes. The link to the release notes is available below in the References section of this errata. The following security issues are also fixed with this release: It was discovered that request dispatchers did not properly normalize user requests that have trailing query strings, allowing remote attackers to send specially-crafted requests that would cause an information leak. (CVE-2008-5515) It was discovered that the error checking methods of certain authentication classes did not have sufficient error checking, allowing remote attackers to enumerate (via brute force methods) usernames registered with applications deployed on JBossWeb when FORM-based authentication was used. (CVE-2009-0580) It was discovered that web applications containing their own XML parsers could replace the XML parser JBossWeb uses to parse configuration files. A malicious web application running on a JBossWeb instance could read or, potentially, modify the configuration and XML-based data of other web applications deployed on the same JBossWeb instance. (CVE-2009-0783) Warning: before applying this update, please back up the JBEAP "server/[configuration]/deploy/" directory, and any other customized configuration files. All users of JBEAP 4.3 on Red Hat Enterprise Linux 4 are advised to upgrade to these updated packages.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated JBoss Enterprise Application Platform (JBEAP) 4.3 packages that fix\nvarious issues are now available for Red Hat Enterprise Linux 4 as JBEAP\n4.3.0.CP05.\n\nThis update has been rated as having important security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "JBoss Enterprise Application Platform is the market leading platform for\ninnovative and scalable Java applications; integrating the JBoss\nApplication Server, with JBoss Hibernate and JBoss Seam into a complete,\nsimple enterprise solution.\n\nThis release of JBEAP for Red Hat Enterprise Linux 4 serves as a\nreplacement to JBEAP 4.3.0.CP04.\n\nThese updated packages include bug fixes and enhancements which are\ndetailed in the release notes. The link to the release notes is available\nbelow in the References section of this errata.\n\nThe following security issues are also fixed with this release:\n\nIt was discovered that request dispatchers did not properly normalize user\nrequests that have trailing query strings, allowing remote attackers to\nsend specially-crafted requests that would cause an information leak.\n(CVE-2008-5515)\n\nIt was discovered that the error checking methods of certain authentication\nclasses did not have sufficient error checking, allowing remote attackers\nto enumerate (via brute force methods) usernames registered with\napplications deployed on JBossWeb when FORM-based authentication was used.\n(CVE-2009-0580)\n\nIt was discovered that web applications containing their own XML parsers\ncould replace the XML parser JBossWeb uses to parse configuration files. A\nmalicious web application running on a JBossWeb instance could read or,\npotentially, modify the configuration and XML-based data of other web\napplications deployed on the same JBossWeb instance. (CVE-2009-0783)\n\nWarning: before applying this update, please back up the JBEAP\n\"server/[configuration]/deploy/\" directory, and any other customized\nconfiguration files.\n\nAll users of JBEAP 4.3 on Red Hat Enterprise Linux 4 are advised to upgrade\nto these updated packages.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2009:1146",
        "url": "https://access.redhat.com/errata/RHSA-2009:1146"
      },
      {
        "category": "external",
        "summary": "http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3.0.cp05/html-single/Release_Notes/index.html",
        "url": "http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3.0.cp05/html-single/Release_Notes/index.html"
      },
      {
        "category": "external",
        "summary": "http://www.redhat.com/security/updates/classification/#important",
        "url": "http://www.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "499608",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=499608"
      },
      {
        "category": "external",
        "summary": "503978",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503978"
      },
      {
        "category": "external",
        "summary": "504153",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504153"
      },
      {
        "category": "external",
        "summary": "504753",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504753"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_1146.json"
      }
    ],
    "title": "Red Hat Security Advisory: JBoss Enterprise Application Platform 4.3.0.CP05 update",
    "tracking": {
      "current_release_date": "2025-11-21T17:34:51+00:00",
      "generator": {
        "date": "2025-11-21T17:34:51+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2009:1146",
      "initial_release_date": "2009-07-06T11:41:00+00:00",
      "revision_history": [
        {
          "date": "2009-07-06T11:41:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2009-07-06T07:41:29+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T17:34:51+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
                "product": {
                  "name": "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
                  "product_id": "4AS-JBEAP-4.3.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
                "product": {
                  "name": "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
                  "product_id": "4ES-JBEAP-4.3.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss Enterprise Application Platform"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "glassfish-jaxb-javadoc-0:2.1.4-1.11.ep1.el4.noarch",
                "product": {
                  "name": "glassfish-jaxb-javadoc-0:2.1.4-1.11.ep1.el4.noarch",
                  "product_id": "glassfish-jaxb-javadoc-0:2.1.4-1.11.ep1.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/glassfish-jaxb-javadoc@2.1.4-1.11.ep1.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "glassfish-jaxb-0:2.1.4-1.11.ep1.el4.noarch",
                "product": {
                  "name": "glassfish-jaxb-0:2.1.4-1.11.ep1.el4.noarch",
                  "product_id": "glassfish-jaxb-0:2.1.4-1.11.ep1.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/glassfish-jaxb@2.1.4-1.11.ep1.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch",
                "product": {
                  "name": "hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch",
                  "product_id": "hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hsqldb@1.8.0.8-2.patch02.1jpp.ep1.2.el4?arch=noarch\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.noarch",
                "product": {
                  "name": "jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.noarch",
                  "product_id": "jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossws-spi@1.0.0-1.GA_CP02.1.ep1.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jgroups-1:2.4.6-1.ep1.el4.noarch",
                "product": {
                  "name": "jgroups-1:2.4.6-1.ep1.el4.noarch",
                  "product_id": "jgroups-1:2.4.6-1.ep1.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jgroups@2.4.6-1.ep1.el4?arch=noarch\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.noarch",
                "product": {
                  "name": "jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.noarch",
                  "product_id": "jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossws-common@1.0.0-2.GA_CP04.1.ep1.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.noarch",
                "product": {
                  "name": "jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.noarch",
                  "product_id": "jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossws-framework@2.0.1-1.GA_CP04.2.ep1.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch",
                "product": {
                  "name": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch",
                  "product_id": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-cache@1.4.1-6.SP13.1.ep1.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch",
                "product": {
                  "name": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch",
                  "product_id": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossts@4.2.3-1.SP5_CP05.1jpp.ep1.1.el4?arch=noarch\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch",
                "product": {
                  "name": "jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch",
                  "product_id": "jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jakarta-slide-webdavclient@2.1-9.2.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch",
                "product": {
                  "name": "xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch",
                  "product_id": "xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/xerces-j2@2.7.1-9jpp.ep1.2.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.noarch",
                "product": {
                  "name": "jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.noarch",
                  "product_id": "jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-messaging@1.4.0-2.SP3_CP08.1.ep1.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-remoting-0:2.2.3-2.ep1.el4.noarch",
                "product": {
                  "name": "jboss-remoting-0:2.2.3-2.ep1.el4.noarch",
                  "product_id": "jboss-remoting-0:2.2.3-2.ep1.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-remoting@2.2.3-2.ep1.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossws-native42-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch",
                "product": {
                  "name": "jbossws-native42-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch",
                  "product_id": "jbossws-native42-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossws-native42@2.0.1-3.SP2_CP06.3.ep1.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch",
                "product": {
                  "name": "jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch",
                  "product_id": "jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossws@2.0.1-3.SP2_CP06.3.ep1.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
                "product": {
                  "name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
                  "product_id": "hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3-javadoc@3.2.4-1.SP1_CP08.0jpp.ep1.2.el4?arch=noarch\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
                "product": {
                  "name": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
                  "product_id": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3@3.2.4-1.SP1_CP08.0jpp.ep1.2.el4?arch=noarch\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch",
                "product": {
                  "name": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch",
                  "product_id": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3-commons-annotations@3.0.0-1jpp.ep1.5.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch",
                "product": {
                  "name": "hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch",
                  "product_id": "hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3-commons-annotations-javadoc@3.0.0-1jpp.ep1.5.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
                "product": {
                  "name": "hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
                  "product_id": "hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3-annotations@3.3.1-1.10.GA_CP01.ep1.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
                "product": {
                  "name": "hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
                  "product_id": "hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3-annotations-javadoc@3.3.1-1.10.GA_CP01.ep1.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch",
                "product": {
                  "name": "hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch",
                  "product_id": "hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3-entitymanager@3.3.2-2.4.ep1.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch",
                "product": {
                  "name": "hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch",
                  "product_id": "hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3-entitymanager-javadoc@3.3.2-2.4.ep1.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch",
                "product": {
                  "name": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch",
                  "product_id": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3-validator@3.0.0-1jpp.ep1.8.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch",
                "product": {
                  "name": "hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch",
                  "product_id": "hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3-validator-javadoc@3.0.0-1jpp.ep1.8.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch",
                "product": {
                  "name": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch",
                  "product_id": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossweb@2.0.0-6.CP11.0jpp.ep1.1.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch",
                "product": {
                  "name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch",
                  "product_id": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-seam@1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch",
                "product": {
                  "name": "jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch",
                  "product_id": "jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-seam-docs@1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rh-eap-docs-examples-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch",
                "product": {
                  "name": "rh-eap-docs-examples-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch",
                  "product_id": "rh-eap-docs-examples-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rh-eap-docs-examples@4.3.0-5.GA_CP05.ep1.2.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch",
                "product": {
                  "name": "rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch",
                  "product_id": "rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rh-eap-docs@4.3.0-5.GA_CP05.ep1.2.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossas-4.3.0.GA_CP05-bin-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch",
                "product": {
                  "name": "jbossas-4.3.0.GA_CP05-bin-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch",
                  "product_id": "jbossas-4.3.0.GA_CP05-bin-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas-4.3.0.GA_CP05-bin@4.3.0-4.GA_CP05.6.ep1.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossas-client-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch",
                "product": {
                  "name": "jbossas-client-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch",
                  "product_id": "jbossas-client-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas-client@4.3.0-4.GA_CP05.6.ep1.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch",
                "product": {
                  "name": "jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch",
                  "product_id": "jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas@4.3.0-4.GA_CP05.6.ep1.el4?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "glassfish-jaxb-0:2.1.4-1.11.ep1.el4.src",
                "product": {
                  "name": "glassfish-jaxb-0:2.1.4-1.11.ep1.el4.src",
                  "product_id": "glassfish-jaxb-0:2.1.4-1.11.ep1.el4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/glassfish-jaxb@2.1.4-1.11.ep1.el4?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src",
                "product": {
                  "name": "hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src",
                  "product_id": "hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hsqldb@1.8.0.8-2.patch02.1jpp.ep1.2.el4?arch=src\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.src",
                "product": {
                  "name": "jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.src",
                  "product_id": "jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossws-spi@1.0.0-1.GA_CP02.1.ep1.el4?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jgroups-1:2.4.6-1.ep1.el4.src",
                "product": {
                  "name": "jgroups-1:2.4.6-1.ep1.el4.src",
                  "product_id": "jgroups-1:2.4.6-1.ep1.el4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jgroups@2.4.6-1.ep1.el4?arch=src\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.src",
                "product": {
                  "name": "jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.src",
                  "product_id": "jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossws-common@1.0.0-2.GA_CP04.1.ep1.el4?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.src",
                "product": {
                  "name": "jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.src",
                  "product_id": "jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossws-framework@2.0.1-1.GA_CP04.2.ep1.el4?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src",
                "product": {
                  "name": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src",
                  "product_id": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-cache@1.4.1-6.SP13.1.ep1.el4?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src",
                "product": {
                  "name": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src",
                  "product_id": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossts@4.2.3-1.SP5_CP05.1jpp.ep1.1.el4?arch=src\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jakarta-slide-webdavclient-0:2.1-9.2.el4.src",
                "product": {
                  "name": "jakarta-slide-webdavclient-0:2.1-9.2.el4.src",
                  "product_id": "jakarta-slide-webdavclient-0:2.1-9.2.el4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jakarta-slide-webdavclient@2.1-9.2.el4?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src",
                "product": {
                  "name": "xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src",
                  "product_id": "xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/xerces-j2@2.7.1-9jpp.ep1.2.el4?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.src",
                "product": {
                  "name": "jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.src",
                  "product_id": "jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-messaging@1.4.0-2.SP3_CP08.1.ep1.el4?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-remoting-0:2.2.3-2.ep1.el4.src",
                "product": {
                  "name": "jboss-remoting-0:2.2.3-2.ep1.el4.src",
                  "product_id": "jboss-remoting-0:2.2.3-2.ep1.el4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-remoting@2.2.3-2.ep1.el4?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.src",
                "product": {
                  "name": "jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.src",
                  "product_id": "jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossws@2.0.1-3.SP2_CP06.3.ep1.el4?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src",
                "product": {
                  "name": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src",
                  "product_id": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3@3.2.4-1.SP1_CP08.0jpp.ep1.2.el4?arch=src\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src",
                "product": {
                  "name": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src",
                  "product_id": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3-commons-annotations@3.0.0-1jpp.ep1.5.el4?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src",
                "product": {
                  "name": "hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src",
                  "product_id": "hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3-annotations@3.3.1-1.10.GA_CP01.ep1.el4?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src",
                "product": {
                  "name": "hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src",
                  "product_id": "hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3-entitymanager@3.3.2-2.4.ep1.el4?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src",
                "product": {
                  "name": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src",
                  "product_id": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3-validator@3.0.0-1jpp.ep1.8.el4?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src",
                "product": {
                  "name": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src",
                  "product_id": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossweb@2.0.0-6.CP11.0jpp.ep1.1.el4?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.src",
                "product": {
                  "name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.src",
                  "product_id": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-seam@1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.src",
                "product": {
                  "name": "rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.src",
                  "product_id": "rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rh-eap-docs@4.3.0-5.GA_CP05.ep1.2.el4?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.src",
                "product": {
                  "name": "jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.src",
                  "product_id": "jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas@4.3.0-4.GA_CP05.6.ep1.el4?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glassfish-jaxb-0:2.1.4-1.11.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.ep1.el4.noarch"
        },
        "product_reference": "glassfish-jaxb-0:2.1.4-1.11.ep1.el4.noarch",
        "relates_to_product_reference": "4AS-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glassfish-jaxb-0:2.1.4-1.11.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.ep1.el4.src"
        },
        "product_reference": "glassfish-jaxb-0:2.1.4-1.11.ep1.el4.src",
        "relates_to_product_reference": "4AS-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glassfish-jaxb-javadoc-0:2.1.4-1.11.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP-4.3.0:glassfish-jaxb-javadoc-0:2.1.4-1.11.ep1.el4.noarch"
        },
        "product_reference": "glassfish-jaxb-javadoc-0:2.1.4-1.11.ep1.el4.noarch",
        "relates_to_product_reference": "4AS-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch"
        },
        "product_reference": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
        "relates_to_product_reference": "4AS-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src"
        },
        "product_reference": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src",
        "relates_to_product_reference": "4AS-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch"
        },
        "product_reference": "hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
        "relates_to_product_reference": "4AS-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src"
        },
        "product_reference": "hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src",
        "relates_to_product_reference": "4AS-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch"
        },
        "product_reference": "hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
        "relates_to_product_reference": "4AS-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch"
        },
        "product_reference": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch",
        "relates_to_product_reference": "4AS-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src"
        },
        "product_reference": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src",
        "relates_to_product_reference": "4AS-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP-4.3.0:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch"
        },
        "product_reference": "hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch",
        "relates_to_product_reference": "4AS-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch"
        },
        "product_reference": "hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch",
        "relates_to_product_reference": "4AS-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src"
        },
        "product_reference": "hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src",
        "relates_to_product_reference": "4AS-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP-4.3.0:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch"
        },
        "product_reference": "hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch",
        "relates_to_product_reference": "4AS-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch"
        },
        "product_reference": "hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
        "relates_to_product_reference": "4AS-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch"
        },
        "product_reference": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch",
        "relates_to_product_reference": "4AS-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src"
        },
        "product_reference": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src",
        "relates_to_product_reference": "4AS-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP-4.3.0:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch"
        },
        "product_reference": "hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch",
        "relates_to_product_reference": "4AS-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch"
        },
        "product_reference": "hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch",
        "relates_to_product_reference": "4AS-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src"
        },
        "product_reference": "hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src",
        "relates_to_product_reference": "4AS-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch"
        },
        "product_reference": "jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch",
        "relates_to_product_reference": "4AS-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jakarta-slide-webdavclient-0:2.1-9.2.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el4.src"
        },
        "product_reference": "jakarta-slide-webdavclient-0:2.1-9.2.el4.src",
        "relates_to_product_reference": "4AS-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch"
        },
        "product_reference": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch",
        "relates_to_product_reference": "4AS-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src"
        },
        "product_reference": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src",
        "relates_to_product_reference": "4AS-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.noarch"
        },
        "product_reference": "jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.noarch",
        "relates_to_product_reference": "4AS-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.src"
        },
        "product_reference": "jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.src",
        "relates_to_product_reference": "4AS-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-remoting-0:2.2.3-2.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el4.noarch"
        },
        "product_reference": "jboss-remoting-0:2.2.3-2.ep1.el4.noarch",
        "relates_to_product_reference": "4AS-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-remoting-0:2.2.3-2.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el4.src"
        },
        "product_reference": "jboss-remoting-0:2.2.3-2.ep1.el4.src",
        "relates_to_product_reference": "4AS-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch"
        },
        "product_reference": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch",
        "relates_to_product_reference": "4AS-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.src"
        },
        "product_reference": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.src",
        "relates_to_product_reference": "4AS-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch"
        },
        "product_reference": "jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch",
        "relates_to_product_reference": "4AS-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch"
        },
        "product_reference": "jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch",
        "relates_to_product_reference": "4AS-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.src"
        },
        "product_reference": "jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.src",
        "relates_to_product_reference": "4AS-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-4.3.0.GA_CP05-bin-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP-4.3.0:jbossas-4.3.0.GA_CP05-bin-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch"
        },
        "product_reference": "jbossas-4.3.0.GA_CP05-bin-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch",
        "relates_to_product_reference": "4AS-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-client-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP-4.3.0:jbossas-client-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch"
        },
        "product_reference": "jbossas-client-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch",
        "relates_to_product_reference": "4AS-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch"
        },
        "product_reference": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch",
        "relates_to_product_reference": "4AS-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src"
        },
        "product_reference": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src",
        "relates_to_product_reference": "4AS-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch"
        },
        "product_reference": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch",
        "relates_to_product_reference": "4AS-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src"
        },
        "product_reference": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src",
        "relates_to_product_reference": "4AS-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch"
        },
        "product_reference": "jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch",
        "relates_to_product_reference": "4AS-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.src"
        },
        "product_reference": "jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.src",
        "relates_to_product_reference": "4AS-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.noarch"
        },
        "product_reference": "jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.noarch",
        "relates_to_product_reference": "4AS-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.src"
        },
        "product_reference": "jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.src",
        "relates_to_product_reference": "4AS-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.noarch"
        },
        "product_reference": "jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.noarch",
        "relates_to_product_reference": "4AS-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.src"
        },
        "product_reference": "jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.src",
        "relates_to_product_reference": "4AS-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossws-native42-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP-4.3.0:jbossws-native42-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch"
        },
        "product_reference": "jbossws-native42-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch",
        "relates_to_product_reference": "4AS-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.noarch"
        },
        "product_reference": "jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.noarch",
        "relates_to_product_reference": "4AS-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.src"
        },
        "product_reference": "jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.src",
        "relates_to_product_reference": "4AS-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jgroups-1:2.4.6-1.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el4.noarch"
        },
        "product_reference": "jgroups-1:2.4.6-1.ep1.el4.noarch",
        "relates_to_product_reference": "4AS-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jgroups-1:2.4.6-1.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el4.src"
        },
        "product_reference": "jgroups-1:2.4.6-1.ep1.el4.src",
        "relates_to_product_reference": "4AS-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch"
        },
        "product_reference": "rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch",
        "relates_to_product_reference": "4AS-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.src"
        },
        "product_reference": "rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.src",
        "relates_to_product_reference": "4AS-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-eap-docs-examples-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch"
        },
        "product_reference": "rh-eap-docs-examples-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch",
        "relates_to_product_reference": "4AS-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP-4.3.0:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch"
        },
        "product_reference": "xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch",
        "relates_to_product_reference": "4AS-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP-4.3.0:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src"
        },
        "product_reference": "xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src",
        "relates_to_product_reference": "4AS-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glassfish-jaxb-0:2.1.4-1.11.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.ep1.el4.noarch"
        },
        "product_reference": "glassfish-jaxb-0:2.1.4-1.11.ep1.el4.noarch",
        "relates_to_product_reference": "4ES-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glassfish-jaxb-0:2.1.4-1.11.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.ep1.el4.src"
        },
        "product_reference": "glassfish-jaxb-0:2.1.4-1.11.ep1.el4.src",
        "relates_to_product_reference": "4ES-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "glassfish-jaxb-javadoc-0:2.1.4-1.11.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP-4.3.0:glassfish-jaxb-javadoc-0:2.1.4-1.11.ep1.el4.noarch"
        },
        "product_reference": "glassfish-jaxb-javadoc-0:2.1.4-1.11.ep1.el4.noarch",
        "relates_to_product_reference": "4ES-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch"
        },
        "product_reference": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
        "relates_to_product_reference": "4ES-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src"
        },
        "product_reference": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src",
        "relates_to_product_reference": "4ES-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch"
        },
        "product_reference": "hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
        "relates_to_product_reference": "4ES-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src"
        },
        "product_reference": "hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src",
        "relates_to_product_reference": "4ES-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch"
        },
        "product_reference": "hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
        "relates_to_product_reference": "4ES-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch"
        },
        "product_reference": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch",
        "relates_to_product_reference": "4ES-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src"
        },
        "product_reference": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src",
        "relates_to_product_reference": "4ES-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP-4.3.0:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch"
        },
        "product_reference": "hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch",
        "relates_to_product_reference": "4ES-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch"
        },
        "product_reference": "hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch",
        "relates_to_product_reference": "4ES-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src"
        },
        "product_reference": "hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src",
        "relates_to_product_reference": "4ES-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP-4.3.0:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch"
        },
        "product_reference": "hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch",
        "relates_to_product_reference": "4ES-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch"
        },
        "product_reference": "hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
        "relates_to_product_reference": "4ES-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch"
        },
        "product_reference": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch",
        "relates_to_product_reference": "4ES-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src"
        },
        "product_reference": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src",
        "relates_to_product_reference": "4ES-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP-4.3.0:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch"
        },
        "product_reference": "hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch",
        "relates_to_product_reference": "4ES-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch"
        },
        "product_reference": "hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch",
        "relates_to_product_reference": "4ES-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src"
        },
        "product_reference": "hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src",
        "relates_to_product_reference": "4ES-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch"
        },
        "product_reference": "jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch",
        "relates_to_product_reference": "4ES-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jakarta-slide-webdavclient-0:2.1-9.2.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el4.src"
        },
        "product_reference": "jakarta-slide-webdavclient-0:2.1-9.2.el4.src",
        "relates_to_product_reference": "4ES-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch"
        },
        "product_reference": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch",
        "relates_to_product_reference": "4ES-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src"
        },
        "product_reference": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src",
        "relates_to_product_reference": "4ES-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.noarch"
        },
        "product_reference": "jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.noarch",
        "relates_to_product_reference": "4ES-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.src"
        },
        "product_reference": "jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.src",
        "relates_to_product_reference": "4ES-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-remoting-0:2.2.3-2.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el4.noarch"
        },
        "product_reference": "jboss-remoting-0:2.2.3-2.ep1.el4.noarch",
        "relates_to_product_reference": "4ES-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-remoting-0:2.2.3-2.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el4.src"
        },
        "product_reference": "jboss-remoting-0:2.2.3-2.ep1.el4.src",
        "relates_to_product_reference": "4ES-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch"
        },
        "product_reference": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch",
        "relates_to_product_reference": "4ES-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.src"
        },
        "product_reference": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.src",
        "relates_to_product_reference": "4ES-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch"
        },
        "product_reference": "jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch",
        "relates_to_product_reference": "4ES-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch"
        },
        "product_reference": "jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch",
        "relates_to_product_reference": "4ES-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.src"
        },
        "product_reference": "jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.src",
        "relates_to_product_reference": "4ES-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-4.3.0.GA_CP05-bin-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP-4.3.0:jbossas-4.3.0.GA_CP05-bin-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch"
        },
        "product_reference": "jbossas-4.3.0.GA_CP05-bin-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch",
        "relates_to_product_reference": "4ES-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-client-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP-4.3.0:jbossas-client-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch"
        },
        "product_reference": "jbossas-client-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch",
        "relates_to_product_reference": "4ES-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch"
        },
        "product_reference": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch",
        "relates_to_product_reference": "4ES-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src"
        },
        "product_reference": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src",
        "relates_to_product_reference": "4ES-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch"
        },
        "product_reference": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch",
        "relates_to_product_reference": "4ES-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src"
        },
        "product_reference": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src",
        "relates_to_product_reference": "4ES-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch"
        },
        "product_reference": "jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch",
        "relates_to_product_reference": "4ES-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.src"
        },
        "product_reference": "jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.src",
        "relates_to_product_reference": "4ES-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.noarch"
        },
        "product_reference": "jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.noarch",
        "relates_to_product_reference": "4ES-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.src"
        },
        "product_reference": "jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.src",
        "relates_to_product_reference": "4ES-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.noarch"
        },
        "product_reference": "jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.noarch",
        "relates_to_product_reference": "4ES-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.src"
        },
        "product_reference": "jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.src",
        "relates_to_product_reference": "4ES-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossws-native42-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP-4.3.0:jbossws-native42-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch"
        },
        "product_reference": "jbossws-native42-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch",
        "relates_to_product_reference": "4ES-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.noarch"
        },
        "product_reference": "jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.noarch",
        "relates_to_product_reference": "4ES-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.src"
        },
        "product_reference": "jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.src",
        "relates_to_product_reference": "4ES-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jgroups-1:2.4.6-1.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el4.noarch"
        },
        "product_reference": "jgroups-1:2.4.6-1.ep1.el4.noarch",
        "relates_to_product_reference": "4ES-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jgroups-1:2.4.6-1.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el4.src"
        },
        "product_reference": "jgroups-1:2.4.6-1.ep1.el4.src",
        "relates_to_product_reference": "4ES-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch"
        },
        "product_reference": "rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch",
        "relates_to_product_reference": "4ES-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.src"
        },
        "product_reference": "rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.src",
        "relates_to_product_reference": "4ES-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-eap-docs-examples-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch"
        },
        "product_reference": "rh-eap-docs-examples-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch",
        "relates_to_product_reference": "4ES-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP-4.3.0:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch"
        },
        "product_reference": "xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch",
        "relates_to_product_reference": "4ES-JBEAP-4.3.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP-4.3.0:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src"
        },
        "product_reference": "xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src",
        "relates_to_product_reference": "4ES-JBEAP-4.3.0"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2008-5515",
      "discovery_date": "2009-06-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "504753"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat request dispatcher information disclosure vulnerability",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.ep1.el4.noarch",
          "4AS-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.ep1.el4.src",
          "4AS-JBEAP-4.3.0:glassfish-jaxb-javadoc-0:2.1.4-1.11.ep1.el4.noarch",
          "4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
          "4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src",
          "4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
          "4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src",
          "4AS-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
          "4AS-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch",
          "4AS-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src",
          "4AS-JBEAP-4.3.0:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch",
          "4AS-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch",
          "4AS-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src",
          "4AS-JBEAP-4.3.0:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch",
          "4AS-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
          "4AS-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch",
          "4AS-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src",
          "4AS-JBEAP-4.3.0:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch",
          "4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch",
          "4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src",
          "4AS-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch",
          "4AS-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el4.src",
          "4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch",
          "4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src",
          "4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.noarch",
          "4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.src",
          "4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el4.noarch",
          "4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el4.src",
          "4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch",
          "4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.src",
          "4AS-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch",
          "4AS-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch",
          "4AS-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.src",
          "4AS-JBEAP-4.3.0:jbossas-4.3.0.GA_CP05-bin-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch",
          "4AS-JBEAP-4.3.0:jbossas-client-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch",
          "4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch",
          "4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src",
          "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch",
          "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src",
          "4AS-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch",
          "4AS-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.src",
          "4AS-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.noarch",
          "4AS-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.src",
          "4AS-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.noarch",
          "4AS-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.src",
          "4AS-JBEAP-4.3.0:jbossws-native42-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch",
          "4AS-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.noarch",
          "4AS-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.src",
          "4AS-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el4.noarch",
          "4AS-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el4.src",
          "4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch",
          "4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.src",
          "4AS-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch",
          "4AS-JBEAP-4.3.0:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch",
          "4AS-JBEAP-4.3.0:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src",
          "4ES-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.ep1.el4.noarch",
          "4ES-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.ep1.el4.src",
          "4ES-JBEAP-4.3.0:glassfish-jaxb-javadoc-0:2.1.4-1.11.ep1.el4.noarch",
          "4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
          "4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src",
          "4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
          "4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src",
          "4ES-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
          "4ES-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch",
          "4ES-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src",
          "4ES-JBEAP-4.3.0:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch",
          "4ES-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch",
          "4ES-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src",
          "4ES-JBEAP-4.3.0:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch",
          "4ES-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
          "4ES-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch",
          "4ES-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src",
          "4ES-JBEAP-4.3.0:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch",
          "4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch",
          "4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src",
          "4ES-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch",
          "4ES-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el4.src",
          "4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch",
          "4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src",
          "4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.noarch",
          "4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.src",
          "4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el4.noarch",
          "4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el4.src",
          "4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch",
          "4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.src",
          "4ES-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch",
          "4ES-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch",
          "4ES-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.src",
          "4ES-JBEAP-4.3.0:jbossas-4.3.0.GA_CP05-bin-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch",
          "4ES-JBEAP-4.3.0:jbossas-client-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch",
          "4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch",
          "4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src",
          "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch",
          "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src",
          "4ES-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch",
          "4ES-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.src",
          "4ES-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.noarch",
          "4ES-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.src",
          "4ES-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.noarch",
          "4ES-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.src",
          "4ES-JBEAP-4.3.0:jbossws-native42-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch",
          "4ES-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.noarch",
          "4ES-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.src",
          "4ES-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el4.noarch",
          "4ES-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el4.src",
          "4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch",
          "4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.src",
          "4ES-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch",
          "4ES-JBEAP-4.3.0:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch",
          "4ES-JBEAP-4.3.0:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-5515"
        },
        {
          "category": "external",
          "summary": "RHBZ#504753",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504753"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-5515",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-5515"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5515",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5515"
        }
      ],
      "release_date": "2009-06-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-07-06T11:41:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.ep1.el4.src",
            "4AS-JBEAP-4.3.0:glassfish-jaxb-javadoc-0:2.1.4-1.11.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
            "4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src",
            "4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src",
            "4AS-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch",
            "4AS-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src",
            "4AS-JBEAP-4.3.0:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch",
            "4AS-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src",
            "4AS-JBEAP-4.3.0:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
            "4AS-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch",
            "4AS-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src",
            "4AS-JBEAP-4.3.0:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch",
            "4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch",
            "4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src",
            "4AS-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch",
            "4AS-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el4.src",
            "4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src",
            "4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.src",
            "4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el4.src",
            "4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch",
            "4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.src",
            "4AS-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch",
            "4AS-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.src",
            "4AS-JBEAP-4.3.0:jbossas-4.3.0.GA_CP05-bin-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:jbossas-client-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch",
            "4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src",
            "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch",
            "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src",
            "4AS-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.src",
            "4AS-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.src",
            "4AS-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.src",
            "4AS-JBEAP-4.3.0:jbossws-native42-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.src",
            "4AS-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el4.src",
            "4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch",
            "4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.src",
            "4AS-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch",
            "4AS-JBEAP-4.3.0:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch",
            "4AS-JBEAP-4.3.0:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src",
            "4ES-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.ep1.el4.src",
            "4ES-JBEAP-4.3.0:glassfish-jaxb-javadoc-0:2.1.4-1.11.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
            "4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src",
            "4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src",
            "4ES-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch",
            "4ES-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src",
            "4ES-JBEAP-4.3.0:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch",
            "4ES-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src",
            "4ES-JBEAP-4.3.0:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
            "4ES-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch",
            "4ES-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src",
            "4ES-JBEAP-4.3.0:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch",
            "4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch",
            "4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src",
            "4ES-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch",
            "4ES-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el4.src",
            "4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src",
            "4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.src",
            "4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el4.src",
            "4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch",
            "4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.src",
            "4ES-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch",
            "4ES-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.src",
            "4ES-JBEAP-4.3.0:jbossas-4.3.0.GA_CP05-bin-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:jbossas-client-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch",
            "4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src",
            "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch",
            "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src",
            "4ES-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.src",
            "4ES-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.src",
            "4ES-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.src",
            "4ES-JBEAP-4.3.0:jbossws-native42-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.src",
            "4ES-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el4.src",
            "4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch",
            "4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.src",
            "4ES-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch",
            "4ES-JBEAP-4.3.0:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch",
            "4ES-JBEAP-4.3.0:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1146"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "tomcat request dispatcher information disclosure vulnerability"
    },
    {
      "cve": "CVE-2009-0580",
      "discovery_date": "2009-06-03T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "503978"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat6 Information disclosure in authentication classes",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.ep1.el4.noarch",
          "4AS-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.ep1.el4.src",
          "4AS-JBEAP-4.3.0:glassfish-jaxb-javadoc-0:2.1.4-1.11.ep1.el4.noarch",
          "4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
          "4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src",
          "4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
          "4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src",
          "4AS-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
          "4AS-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch",
          "4AS-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src",
          "4AS-JBEAP-4.3.0:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch",
          "4AS-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch",
          "4AS-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src",
          "4AS-JBEAP-4.3.0:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch",
          "4AS-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
          "4AS-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch",
          "4AS-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src",
          "4AS-JBEAP-4.3.0:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch",
          "4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch",
          "4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src",
          "4AS-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch",
          "4AS-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el4.src",
          "4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch",
          "4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src",
          "4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.noarch",
          "4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.src",
          "4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el4.noarch",
          "4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el4.src",
          "4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch",
          "4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.src",
          "4AS-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch",
          "4AS-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch",
          "4AS-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.src",
          "4AS-JBEAP-4.3.0:jbossas-4.3.0.GA_CP05-bin-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch",
          "4AS-JBEAP-4.3.0:jbossas-client-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch",
          "4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch",
          "4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src",
          "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch",
          "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src",
          "4AS-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch",
          "4AS-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.src",
          "4AS-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.noarch",
          "4AS-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.src",
          "4AS-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.noarch",
          "4AS-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.src",
          "4AS-JBEAP-4.3.0:jbossws-native42-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch",
          "4AS-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.noarch",
          "4AS-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.src",
          "4AS-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el4.noarch",
          "4AS-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el4.src",
          "4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch",
          "4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.src",
          "4AS-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch",
          "4AS-JBEAP-4.3.0:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch",
          "4AS-JBEAP-4.3.0:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src",
          "4ES-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.ep1.el4.noarch",
          "4ES-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.ep1.el4.src",
          "4ES-JBEAP-4.3.0:glassfish-jaxb-javadoc-0:2.1.4-1.11.ep1.el4.noarch",
          "4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
          "4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src",
          "4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
          "4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src",
          "4ES-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
          "4ES-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch",
          "4ES-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src",
          "4ES-JBEAP-4.3.0:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch",
          "4ES-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch",
          "4ES-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src",
          "4ES-JBEAP-4.3.0:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch",
          "4ES-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
          "4ES-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch",
          "4ES-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src",
          "4ES-JBEAP-4.3.0:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch",
          "4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch",
          "4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src",
          "4ES-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch",
          "4ES-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el4.src",
          "4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch",
          "4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src",
          "4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.noarch",
          "4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.src",
          "4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el4.noarch",
          "4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el4.src",
          "4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch",
          "4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.src",
          "4ES-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch",
          "4ES-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch",
          "4ES-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.src",
          "4ES-JBEAP-4.3.0:jbossas-4.3.0.GA_CP05-bin-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch",
          "4ES-JBEAP-4.3.0:jbossas-client-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch",
          "4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch",
          "4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src",
          "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch",
          "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src",
          "4ES-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch",
          "4ES-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.src",
          "4ES-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.noarch",
          "4ES-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.src",
          "4ES-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.noarch",
          "4ES-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.src",
          "4ES-JBEAP-4.3.0:jbossws-native42-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch",
          "4ES-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.noarch",
          "4ES-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.src",
          "4ES-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el4.noarch",
          "4ES-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el4.src",
          "4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch",
          "4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.src",
          "4ES-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch",
          "4ES-JBEAP-4.3.0:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch",
          "4ES-JBEAP-4.3.0:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-0580"
        },
        {
          "category": "external",
          "summary": "RHBZ#503978",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503978"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0580",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-0580"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0580",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0580"
        }
      ],
      "release_date": "2009-06-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-07-06T11:41:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.ep1.el4.src",
            "4AS-JBEAP-4.3.0:glassfish-jaxb-javadoc-0:2.1.4-1.11.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
            "4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src",
            "4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src",
            "4AS-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch",
            "4AS-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src",
            "4AS-JBEAP-4.3.0:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch",
            "4AS-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src",
            "4AS-JBEAP-4.3.0:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
            "4AS-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch",
            "4AS-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src",
            "4AS-JBEAP-4.3.0:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch",
            "4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch",
            "4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src",
            "4AS-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch",
            "4AS-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el4.src",
            "4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src",
            "4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.src",
            "4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el4.src",
            "4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch",
            "4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.src",
            "4AS-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch",
            "4AS-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.src",
            "4AS-JBEAP-4.3.0:jbossas-4.3.0.GA_CP05-bin-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:jbossas-client-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch",
            "4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src",
            "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch",
            "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src",
            "4AS-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.src",
            "4AS-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.src",
            "4AS-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.src",
            "4AS-JBEAP-4.3.0:jbossws-native42-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.src",
            "4AS-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el4.src",
            "4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch",
            "4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.src",
            "4AS-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch",
            "4AS-JBEAP-4.3.0:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch",
            "4AS-JBEAP-4.3.0:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src",
            "4ES-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.ep1.el4.src",
            "4ES-JBEAP-4.3.0:glassfish-jaxb-javadoc-0:2.1.4-1.11.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
            "4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src",
            "4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src",
            "4ES-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch",
            "4ES-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src",
            "4ES-JBEAP-4.3.0:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch",
            "4ES-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src",
            "4ES-JBEAP-4.3.0:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
            "4ES-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch",
            "4ES-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src",
            "4ES-JBEAP-4.3.0:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch",
            "4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch",
            "4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src",
            "4ES-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch",
            "4ES-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el4.src",
            "4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src",
            "4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.src",
            "4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el4.src",
            "4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch",
            "4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.src",
            "4ES-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch",
            "4ES-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.src",
            "4ES-JBEAP-4.3.0:jbossas-4.3.0.GA_CP05-bin-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:jbossas-client-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch",
            "4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src",
            "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch",
            "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src",
            "4ES-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.src",
            "4ES-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.src",
            "4ES-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.src",
            "4ES-JBEAP-4.3.0:jbossws-native42-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.src",
            "4ES-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el4.src",
            "4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch",
            "4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.src",
            "4ES-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch",
            "4ES-JBEAP-4.3.0:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch",
            "4ES-JBEAP-4.3.0:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1146"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "4AS-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.ep1.el4.src",
            "4AS-JBEAP-4.3.0:glassfish-jaxb-javadoc-0:2.1.4-1.11.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
            "4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src",
            "4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src",
            "4AS-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch",
            "4AS-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src",
            "4AS-JBEAP-4.3.0:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch",
            "4AS-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src",
            "4AS-JBEAP-4.3.0:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
            "4AS-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch",
            "4AS-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src",
            "4AS-JBEAP-4.3.0:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch",
            "4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch",
            "4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src",
            "4AS-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch",
            "4AS-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el4.src",
            "4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src",
            "4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.src",
            "4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el4.src",
            "4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch",
            "4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.src",
            "4AS-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch",
            "4AS-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.src",
            "4AS-JBEAP-4.3.0:jbossas-4.3.0.GA_CP05-bin-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:jbossas-client-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch",
            "4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src",
            "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch",
            "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src",
            "4AS-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.src",
            "4AS-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.src",
            "4AS-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.src",
            "4AS-JBEAP-4.3.0:jbossws-native42-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.src",
            "4AS-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el4.src",
            "4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch",
            "4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.src",
            "4AS-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch",
            "4AS-JBEAP-4.3.0:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch",
            "4AS-JBEAP-4.3.0:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src",
            "4ES-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.ep1.el4.src",
            "4ES-JBEAP-4.3.0:glassfish-jaxb-javadoc-0:2.1.4-1.11.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
            "4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src",
            "4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src",
            "4ES-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch",
            "4ES-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src",
            "4ES-JBEAP-4.3.0:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch",
            "4ES-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src",
            "4ES-JBEAP-4.3.0:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
            "4ES-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch",
            "4ES-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src",
            "4ES-JBEAP-4.3.0:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch",
            "4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch",
            "4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src",
            "4ES-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch",
            "4ES-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el4.src",
            "4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src",
            "4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.src",
            "4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el4.src",
            "4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch",
            "4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.src",
            "4ES-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch",
            "4ES-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.src",
            "4ES-JBEAP-4.3.0:jbossas-4.3.0.GA_CP05-bin-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:jbossas-client-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch",
            "4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src",
            "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch",
            "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src",
            "4ES-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.src",
            "4ES-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.src",
            "4ES-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.src",
            "4ES-JBEAP-4.3.0:jbossws-native42-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.src",
            "4ES-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el4.src",
            "4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch",
            "4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.src",
            "4ES-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch",
            "4ES-JBEAP-4.3.0:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch",
            "4ES-JBEAP-4.3.0:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat6 Information disclosure in authentication classes"
    },
    {
      "cve": "CVE-2009-0783",
      "discovery_date": "2009-06-04T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "504153"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat XML parser information disclosure",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.ep1.el4.noarch",
          "4AS-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.ep1.el4.src",
          "4AS-JBEAP-4.3.0:glassfish-jaxb-javadoc-0:2.1.4-1.11.ep1.el4.noarch",
          "4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
          "4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src",
          "4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
          "4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src",
          "4AS-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
          "4AS-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch",
          "4AS-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src",
          "4AS-JBEAP-4.3.0:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch",
          "4AS-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch",
          "4AS-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src",
          "4AS-JBEAP-4.3.0:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch",
          "4AS-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
          "4AS-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch",
          "4AS-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src",
          "4AS-JBEAP-4.3.0:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch",
          "4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch",
          "4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src",
          "4AS-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch",
          "4AS-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el4.src",
          "4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch",
          "4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src",
          "4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.noarch",
          "4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.src",
          "4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el4.noarch",
          "4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el4.src",
          "4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch",
          "4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.src",
          "4AS-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch",
          "4AS-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch",
          "4AS-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.src",
          "4AS-JBEAP-4.3.0:jbossas-4.3.0.GA_CP05-bin-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch",
          "4AS-JBEAP-4.3.0:jbossas-client-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch",
          "4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch",
          "4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src",
          "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch",
          "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src",
          "4AS-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch",
          "4AS-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.src",
          "4AS-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.noarch",
          "4AS-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.src",
          "4AS-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.noarch",
          "4AS-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.src",
          "4AS-JBEAP-4.3.0:jbossws-native42-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch",
          "4AS-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.noarch",
          "4AS-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.src",
          "4AS-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el4.noarch",
          "4AS-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el4.src",
          "4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch",
          "4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.src",
          "4AS-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch",
          "4AS-JBEAP-4.3.0:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch",
          "4AS-JBEAP-4.3.0:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src",
          "4ES-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.ep1.el4.noarch",
          "4ES-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.ep1.el4.src",
          "4ES-JBEAP-4.3.0:glassfish-jaxb-javadoc-0:2.1.4-1.11.ep1.el4.noarch",
          "4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
          "4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src",
          "4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
          "4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src",
          "4ES-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
          "4ES-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch",
          "4ES-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src",
          "4ES-JBEAP-4.3.0:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch",
          "4ES-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch",
          "4ES-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src",
          "4ES-JBEAP-4.3.0:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch",
          "4ES-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
          "4ES-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch",
          "4ES-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src",
          "4ES-JBEAP-4.3.0:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch",
          "4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch",
          "4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src",
          "4ES-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch",
          "4ES-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el4.src",
          "4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch",
          "4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src",
          "4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.noarch",
          "4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.src",
          "4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el4.noarch",
          "4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el4.src",
          "4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch",
          "4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.src",
          "4ES-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch",
          "4ES-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch",
          "4ES-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.src",
          "4ES-JBEAP-4.3.0:jbossas-4.3.0.GA_CP05-bin-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch",
          "4ES-JBEAP-4.3.0:jbossas-client-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch",
          "4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch",
          "4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src",
          "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch",
          "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src",
          "4ES-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch",
          "4ES-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.src",
          "4ES-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.noarch",
          "4ES-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.src",
          "4ES-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.noarch",
          "4ES-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.src",
          "4ES-JBEAP-4.3.0:jbossws-native42-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch",
          "4ES-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.noarch",
          "4ES-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.src",
          "4ES-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el4.noarch",
          "4ES-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el4.src",
          "4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch",
          "4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.src",
          "4ES-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch",
          "4ES-JBEAP-4.3.0:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch",
          "4ES-JBEAP-4.3.0:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-0783"
        },
        {
          "category": "external",
          "summary": "RHBZ#504153",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504153"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0783",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-0783"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0783",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0783"
        }
      ],
      "release_date": "2009-06-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-07-06T11:41:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.ep1.el4.src",
            "4AS-JBEAP-4.3.0:glassfish-jaxb-javadoc-0:2.1.4-1.11.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
            "4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src",
            "4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src",
            "4AS-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch",
            "4AS-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src",
            "4AS-JBEAP-4.3.0:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch",
            "4AS-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src",
            "4AS-JBEAP-4.3.0:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
            "4AS-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch",
            "4AS-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src",
            "4AS-JBEAP-4.3.0:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch",
            "4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch",
            "4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src",
            "4AS-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch",
            "4AS-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el4.src",
            "4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src",
            "4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.src",
            "4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el4.src",
            "4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch",
            "4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.src",
            "4AS-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch",
            "4AS-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.src",
            "4AS-JBEAP-4.3.0:jbossas-4.3.0.GA_CP05-bin-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:jbossas-client-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch",
            "4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src",
            "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch",
            "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src",
            "4AS-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.src",
            "4AS-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.src",
            "4AS-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.src",
            "4AS-JBEAP-4.3.0:jbossws-native42-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.src",
            "4AS-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el4.src",
            "4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch",
            "4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.src",
            "4AS-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch",
            "4AS-JBEAP-4.3.0:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch",
            "4AS-JBEAP-4.3.0:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src",
            "4ES-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.ep1.el4.src",
            "4ES-JBEAP-4.3.0:glassfish-jaxb-javadoc-0:2.1.4-1.11.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
            "4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src",
            "4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src",
            "4ES-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch",
            "4ES-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src",
            "4ES-JBEAP-4.3.0:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch",
            "4ES-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src",
            "4ES-JBEAP-4.3.0:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
            "4ES-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch",
            "4ES-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src",
            "4ES-JBEAP-4.3.0:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch",
            "4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch",
            "4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src",
            "4ES-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch",
            "4ES-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el4.src",
            "4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src",
            "4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.src",
            "4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el4.src",
            "4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch",
            "4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.src",
            "4ES-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch",
            "4ES-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.src",
            "4ES-JBEAP-4.3.0:jbossas-4.3.0.GA_CP05-bin-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:jbossas-client-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch",
            "4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src",
            "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch",
            "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src",
            "4ES-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.src",
            "4ES-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.src",
            "4ES-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.src",
            "4ES-JBEAP-4.3.0:jbossws-native42-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.src",
            "4ES-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el4.src",
            "4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch",
            "4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.src",
            "4ES-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch",
            "4ES-JBEAP-4.3.0:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch",
            "4ES-JBEAP-4.3.0:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1146"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 1.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:M/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "4AS-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.ep1.el4.src",
            "4AS-JBEAP-4.3.0:glassfish-jaxb-javadoc-0:2.1.4-1.11.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
            "4AS-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src",
            "4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src",
            "4AS-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch",
            "4AS-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src",
            "4AS-JBEAP-4.3.0:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch",
            "4AS-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src",
            "4AS-JBEAP-4.3.0:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
            "4AS-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch",
            "4AS-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src",
            "4AS-JBEAP-4.3.0:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch",
            "4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch",
            "4AS-JBEAP-4.3.0:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src",
            "4AS-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch",
            "4AS-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el4.src",
            "4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src",
            "4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.src",
            "4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el4.src",
            "4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch",
            "4AS-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.src",
            "4AS-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch",
            "4AS-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.src",
            "4AS-JBEAP-4.3.0:jbossas-4.3.0.GA_CP05-bin-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:jbossas-client-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch",
            "4AS-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src",
            "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch",
            "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src",
            "4AS-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.src",
            "4AS-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.src",
            "4AS-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.src",
            "4AS-JBEAP-4.3.0:jbossws-native42-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.src",
            "4AS-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el4.noarch",
            "4AS-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el4.src",
            "4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch",
            "4AS-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.src",
            "4AS-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch",
            "4AS-JBEAP-4.3.0:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch",
            "4AS-JBEAP-4.3.0:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src",
            "4ES-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:glassfish-jaxb-0:2.1.4-1.11.ep1.el4.src",
            "4ES-JBEAP-4.3.0:glassfish-jaxb-javadoc-0:2.1.4-1.11.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
            "4ES-JBEAP-4.3.0:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src",
            "4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src",
            "4ES-JBEAP-4.3.0:hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch",
            "4ES-JBEAP-4.3.0:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src",
            "4ES-JBEAP-4.3.0:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch",
            "4ES-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src",
            "4ES-JBEAP-4.3.0:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
            "4ES-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch",
            "4ES-JBEAP-4.3.0:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src",
            "4ES-JBEAP-4.3.0:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch",
            "4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch",
            "4ES-JBEAP-4.3.0:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src",
            "4ES-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch",
            "4ES-JBEAP-4.3.0:jakarta-slide-webdavclient-0:2.1-9.2.el4.src",
            "4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src",
            "4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4.src",
            "4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:jboss-remoting-0:2.2.3-2.ep1.el4.src",
            "4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch",
            "4ES-JBEAP-4.3.0:jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.src",
            "4ES-JBEAP-4.3.0:jboss-seam-docs-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4.noarch",
            "4ES-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4.src",
            "4ES-JBEAP-4.3.0:jbossas-4.3.0.GA_CP05-bin-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:jbossas-client-0:4.3.0-4.GA_CP05.6.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch",
            "4ES-JBEAP-4.3.0:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src",
            "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch",
            "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src",
            "4ES-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4.src",
            "4ES-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4.src",
            "4ES-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4.src",
            "4ES-JBEAP-4.3.0:jbossws-native42-0:2.0.1-3.SP2_CP06.3.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4.src",
            "4ES-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el4.noarch",
            "4ES-JBEAP-4.3.0:jgroups-1:2.4.6-1.ep1.el4.src",
            "4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch",
            "4ES-JBEAP-4.3.0:rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4.src",
            "4ES-JBEAP-4.3.0:rh-eap-docs-examples-0:4.3.0-5.GA_CP05.ep1.2.el4.noarch",
            "4ES-JBEAP-4.3.0:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch",
            "4ES-JBEAP-4.3.0:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat XML parser information disclosure"
    }
  ]
}

RHSA-2009:1506

Vulnerability from csaf_redhat - Published: 2009-10-14 16:15 - Updated: 2025-11-21 17:35

Summary

Red Hat Security Advisory: tomcat6 security update

Notes

Topic

Updated tomcat6 packages that fix several security issues are now available for JBoss Enterprise Web Server 1.0.0 for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team.

Details

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. It was discovered that request dispatchers did not properly normalize user requests that have trailing query strings, allowing remote attackers to send specially-crafted requests that would cause an information leak. (CVE-2008-5515) A flaw was found in the way the Tomcat AJP (Apache JServ Protocol) connector processes AJP connections. An attacker could use this flaw to send specially-crafted requests that would cause a temporary denial of service. (CVE-2009-0033) It was discovered that the error checking methods of certain authentication classes did not have sufficient error checking, allowing remote attackers to enumerate (via brute force methods) usernames registered with applications running on Tomcat when FORM-based authentication was used. (CVE-2009-0580) It was discovered that web applications containing their own XML parsers could replace the XML parser Tomcat uses to parse configuration files. A malicious web application running on a Tomcat instance could read or, potentially, modify the configuration and XML-based data of other web applications deployed on the same Tomcat instance. (CVE-2009-0783) Users of Tomcat should upgrade to these updated packages, which contain backported patches to resolve these issues. Tomcat must be restarted for this update to take effect.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated tomcat6 packages that fix several security issues are now available\nfor JBoss Enterprise Web Server 1.0.0 for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having important security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nIt was discovered that request dispatchers did not properly normalize user\nrequests that have trailing query strings, allowing remote attackers to\nsend specially-crafted requests that would cause an information leak.\n(CVE-2008-5515)\n\nA flaw was found in the way the Tomcat AJP (Apache JServ Protocol)\nconnector processes AJP connections. An attacker could use this flaw to\nsend specially-crafted requests that would cause a temporary denial of\nservice. (CVE-2009-0033)\n\nIt was discovered that the error checking methods of certain authentication\nclasses did not have sufficient error checking, allowing remote attackers\nto enumerate (via brute force methods) usernames registered with\napplications running on Tomcat when FORM-based authentication was used.\n(CVE-2009-0580)\n\nIt was discovered that web applications containing their own XML parsers\ncould replace the XML parser Tomcat uses to parse configuration files. A\nmalicious web application running on a Tomcat instance could read or,\npotentially, modify the configuration and XML-based data of other web\napplications deployed on the same Tomcat instance. (CVE-2009-0783)\n\nUsers of Tomcat should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. Tomcat must be restarted for\nthis update to take effect.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2009:1506",
        "url": "https://access.redhat.com/errata/RHSA-2009:1506"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "http://tomcat.apache.org/security-6.html",
        "url": "http://tomcat.apache.org/security-6.html"
      },
      {
        "category": "external",
        "summary": "493381",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=493381"
      },
      {
        "category": "external",
        "summary": "503978",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503978"
      },
      {
        "category": "external",
        "summary": "504153",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504153"
      },
      {
        "category": "external",
        "summary": "504753",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504753"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_1506.json"
      }
    ],
    "title": "Red Hat Security Advisory: tomcat6 security update",
    "tracking": {
      "current_release_date": "2025-11-21T17:35:20+00:00",
      "generator": {
        "date": "2025-11-21T17:35:20+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2009:1506",
      "initial_release_date": "2009-10-14T16:15:00+00:00",
      "revision_history": [
        {
          "date": "2009-10-14T16:15:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2009-10-14T12:15:15+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T17:35:20+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server",
                "product": {
                  "name": "Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server",
                  "product_id": "5Server-JBEWS-5.0.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1::el5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
                "product": {
                  "name": "Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
                  "product_id": "4AS-JBEWS-5.0.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1::el4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
                "product": {
                  "name": "Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
                  "product_id": "4ES-JBEWS-5.0.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1::el4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss Web Server"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "tomcat6-javadoc-0:6.0.18-12.0.ep5.el5.noarch",
                "product": {
                  "name": "tomcat6-javadoc-0:6.0.18-12.0.ep5.el5.noarch",
                  "product_id": "tomcat6-javadoc-0:6.0.18-12.0.ep5.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat6-javadoc@6.0.18-12.0.ep5.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat6-el-1.0-api-0:6.0.18-12.0.ep5.el5.noarch",
                "product": {
                  "name": "tomcat6-el-1.0-api-0:6.0.18-12.0.ep5.el5.noarch",
                  "product_id": "tomcat6-el-1.0-api-0:6.0.18-12.0.ep5.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat6-el-1.0-api@6.0.18-12.0.ep5.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat6-jsp-2.1-api-0:6.0.18-12.0.ep5.el5.noarch",
                "product": {
                  "name": "tomcat6-jsp-2.1-api-0:6.0.18-12.0.ep5.el5.noarch",
                  "product_id": "tomcat6-jsp-2.1-api-0:6.0.18-12.0.ep5.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat6-jsp-2.1-api@6.0.18-12.0.ep5.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat6-admin-webapps-0:6.0.18-12.0.ep5.el5.noarch",
                "product": {
                  "name": "tomcat6-admin-webapps-0:6.0.18-12.0.ep5.el5.noarch",
                  "product_id": "tomcat6-admin-webapps-0:6.0.18-12.0.ep5.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat6-admin-webapps@6.0.18-12.0.ep5.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat6-lib-0:6.0.18-12.0.ep5.el5.noarch",
                "product": {
                  "name": "tomcat6-lib-0:6.0.18-12.0.ep5.el5.noarch",
                  "product_id": "tomcat6-lib-0:6.0.18-12.0.ep5.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat6-lib@6.0.18-12.0.ep5.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat6-log4j-0:6.0.18-12.0.ep5.el5.noarch",
                "product": {
                  "name": "tomcat6-log4j-0:6.0.18-12.0.ep5.el5.noarch",
                  "product_id": "tomcat6-log4j-0:6.0.18-12.0.ep5.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat6-log4j@6.0.18-12.0.ep5.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat6-webapps-0:6.0.18-12.0.ep5.el5.noarch",
                "product": {
                  "name": "tomcat6-webapps-0:6.0.18-12.0.ep5.el5.noarch",
                  "product_id": "tomcat6-webapps-0:6.0.18-12.0.ep5.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat6-webapps@6.0.18-12.0.ep5.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat6-0:6.0.18-12.0.ep5.el5.noarch",
                "product": {
                  "name": "tomcat6-0:6.0.18-12.0.ep5.el5.noarch",
                  "product_id": "tomcat6-0:6.0.18-12.0.ep5.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat6@6.0.18-12.0.ep5.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat6-servlet-2.5-api-0:6.0.18-12.0.ep5.el5.noarch",
                "product": {
                  "name": "tomcat6-servlet-2.5-api-0:6.0.18-12.0.ep5.el5.noarch",
                  "product_id": "tomcat6-servlet-2.5-api-0:6.0.18-12.0.ep5.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat6-servlet-2.5-api@6.0.18-12.0.ep5.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat6-docs-webapp-0:6.0.18-12.0.ep5.el5.noarch",
                "product": {
                  "name": "tomcat6-docs-webapp-0:6.0.18-12.0.ep5.el5.noarch",
                  "product_id": "tomcat6-docs-webapp-0:6.0.18-12.0.ep5.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat6-docs-webapp@6.0.18-12.0.ep5.el5?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat6-docs-webapp-0:6.0.18-11.3.ep5.el4.noarch",
                "product": {
                  "name": "tomcat6-docs-webapp-0:6.0.18-11.3.ep5.el4.noarch",
                  "product_id": "tomcat6-docs-webapp-0:6.0.18-11.3.ep5.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat6-docs-webapp@6.0.18-11.3.ep5.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat6-javadoc-0:6.0.18-11.3.ep5.el4.noarch",
                "product": {
                  "name": "tomcat6-javadoc-0:6.0.18-11.3.ep5.el4.noarch",
                  "product_id": "tomcat6-javadoc-0:6.0.18-11.3.ep5.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat6-javadoc@6.0.18-11.3.ep5.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat6-el-1.0-api-0:6.0.18-11.3.ep5.el4.noarch",
                "product": {
                  "name": "tomcat6-el-1.0-api-0:6.0.18-11.3.ep5.el4.noarch",
                  "product_id": "tomcat6-el-1.0-api-0:6.0.18-11.3.ep5.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat6-el-1.0-api@6.0.18-11.3.ep5.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat6-jsp-2.1-api-0:6.0.18-11.3.ep5.el4.noarch",
                "product": {
                  "name": "tomcat6-jsp-2.1-api-0:6.0.18-11.3.ep5.el4.noarch",
                  "product_id": "tomcat6-jsp-2.1-api-0:6.0.18-11.3.ep5.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat6-jsp-2.1-api@6.0.18-11.3.ep5.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat6-admin-webapps-0:6.0.18-11.3.ep5.el4.noarch",
                "product": {
                  "name": "tomcat6-admin-webapps-0:6.0.18-11.3.ep5.el4.noarch",
                  "product_id": "tomcat6-admin-webapps-0:6.0.18-11.3.ep5.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat6-admin-webapps@6.0.18-11.3.ep5.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat6-lib-0:6.0.18-11.3.ep5.el4.noarch",
                "product": {
                  "name": "tomcat6-lib-0:6.0.18-11.3.ep5.el4.noarch",
                  "product_id": "tomcat6-lib-0:6.0.18-11.3.ep5.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat6-lib@6.0.18-11.3.ep5.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat6-log4j-0:6.0.18-11.3.ep5.el4.noarch",
                "product": {
                  "name": "tomcat6-log4j-0:6.0.18-11.3.ep5.el4.noarch",
                  "product_id": "tomcat6-log4j-0:6.0.18-11.3.ep5.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat6-log4j@6.0.18-11.3.ep5.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat6-webapps-0:6.0.18-11.3.ep5.el4.noarch",
                "product": {
                  "name": "tomcat6-webapps-0:6.0.18-11.3.ep5.el4.noarch",
                  "product_id": "tomcat6-webapps-0:6.0.18-11.3.ep5.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat6-webapps@6.0.18-11.3.ep5.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat6-0:6.0.18-11.3.ep5.el4.noarch",
                "product": {
                  "name": "tomcat6-0:6.0.18-11.3.ep5.el4.noarch",
                  "product_id": "tomcat6-0:6.0.18-11.3.ep5.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat6@6.0.18-11.3.ep5.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat6-servlet-2.5-api-0:6.0.18-11.3.ep5.el4.noarch",
                "product": {
                  "name": "tomcat6-servlet-2.5-api-0:6.0.18-11.3.ep5.el4.noarch",
                  "product_id": "tomcat6-servlet-2.5-api-0:6.0.18-11.3.ep5.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat6-servlet-2.5-api@6.0.18-11.3.ep5.el4?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "tomcat6-0:6.0.18-12.0.ep5.el5.src",
                "product": {
                  "name": "tomcat6-0:6.0.18-12.0.ep5.el5.src",
                  "product_id": "tomcat6-0:6.0.18-12.0.ep5.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat6@6.0.18-12.0.ep5.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat6-0:6.0.18-11.3.ep5.el4.src",
                "product": {
                  "name": "tomcat6-0:6.0.18-11.3.ep5.el4.src",
                  "product_id": "tomcat6-0:6.0.18-11.3.ep5.el4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat6@6.0.18-11.3.ep5.el4?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-0:6.0.18-11.3.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
          "product_id": "4AS-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.noarch"
        },
        "product_reference": "tomcat6-0:6.0.18-11.3.ep5.el4.noarch",
        "relates_to_product_reference": "4AS-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-0:6.0.18-11.3.ep5.el4.src as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
          "product_id": "4AS-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.src"
        },
        "product_reference": "tomcat6-0:6.0.18-11.3.ep5.el4.src",
        "relates_to_product_reference": "4AS-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-admin-webapps-0:6.0.18-11.3.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
          "product_id": "4AS-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.18-11.3.ep5.el4.noarch"
        },
        "product_reference": "tomcat6-admin-webapps-0:6.0.18-11.3.ep5.el4.noarch",
        "relates_to_product_reference": "4AS-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-docs-webapp-0:6.0.18-11.3.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
          "product_id": "4AS-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.18-11.3.ep5.el4.noarch"
        },
        "product_reference": "tomcat6-docs-webapp-0:6.0.18-11.3.ep5.el4.noarch",
        "relates_to_product_reference": "4AS-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-el-1.0-api-0:6.0.18-11.3.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
          "product_id": "4AS-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.18-11.3.ep5.el4.noarch"
        },
        "product_reference": "tomcat6-el-1.0-api-0:6.0.18-11.3.ep5.el4.noarch",
        "relates_to_product_reference": "4AS-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-javadoc-0:6.0.18-11.3.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
          "product_id": "4AS-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.18-11.3.ep5.el4.noarch"
        },
        "product_reference": "tomcat6-javadoc-0:6.0.18-11.3.ep5.el4.noarch",
        "relates_to_product_reference": "4AS-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-jsp-2.1-api-0:6.0.18-11.3.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
          "product_id": "4AS-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.18-11.3.ep5.el4.noarch"
        },
        "product_reference": "tomcat6-jsp-2.1-api-0:6.0.18-11.3.ep5.el4.noarch",
        "relates_to_product_reference": "4AS-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-lib-0:6.0.18-11.3.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
          "product_id": "4AS-JBEWS-5.0.0:tomcat6-lib-0:6.0.18-11.3.ep5.el4.noarch"
        },
        "product_reference": "tomcat6-lib-0:6.0.18-11.3.ep5.el4.noarch",
        "relates_to_product_reference": "4AS-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-log4j-0:6.0.18-11.3.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
          "product_id": "4AS-JBEWS-5.0.0:tomcat6-log4j-0:6.0.18-11.3.ep5.el4.noarch"
        },
        "product_reference": "tomcat6-log4j-0:6.0.18-11.3.ep5.el4.noarch",
        "relates_to_product_reference": "4AS-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-servlet-2.5-api-0:6.0.18-11.3.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
          "product_id": "4AS-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.18-11.3.ep5.el4.noarch"
        },
        "product_reference": "tomcat6-servlet-2.5-api-0:6.0.18-11.3.ep5.el4.noarch",
        "relates_to_product_reference": "4AS-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-webapps-0:6.0.18-11.3.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
          "product_id": "4AS-JBEWS-5.0.0:tomcat6-webapps-0:6.0.18-11.3.ep5.el4.noarch"
        },
        "product_reference": "tomcat6-webapps-0:6.0.18-11.3.ep5.el4.noarch",
        "relates_to_product_reference": "4AS-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-0:6.0.18-11.3.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
          "product_id": "4ES-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.noarch"
        },
        "product_reference": "tomcat6-0:6.0.18-11.3.ep5.el4.noarch",
        "relates_to_product_reference": "4ES-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-0:6.0.18-11.3.ep5.el4.src as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
          "product_id": "4ES-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.src"
        },
        "product_reference": "tomcat6-0:6.0.18-11.3.ep5.el4.src",
        "relates_to_product_reference": "4ES-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-admin-webapps-0:6.0.18-11.3.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
          "product_id": "4ES-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.18-11.3.ep5.el4.noarch"
        },
        "product_reference": "tomcat6-admin-webapps-0:6.0.18-11.3.ep5.el4.noarch",
        "relates_to_product_reference": "4ES-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-docs-webapp-0:6.0.18-11.3.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
          "product_id": "4ES-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.18-11.3.ep5.el4.noarch"
        },
        "product_reference": "tomcat6-docs-webapp-0:6.0.18-11.3.ep5.el4.noarch",
        "relates_to_product_reference": "4ES-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-el-1.0-api-0:6.0.18-11.3.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
          "product_id": "4ES-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.18-11.3.ep5.el4.noarch"
        },
        "product_reference": "tomcat6-el-1.0-api-0:6.0.18-11.3.ep5.el4.noarch",
        "relates_to_product_reference": "4ES-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-javadoc-0:6.0.18-11.3.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
          "product_id": "4ES-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.18-11.3.ep5.el4.noarch"
        },
        "product_reference": "tomcat6-javadoc-0:6.0.18-11.3.ep5.el4.noarch",
        "relates_to_product_reference": "4ES-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-jsp-2.1-api-0:6.0.18-11.3.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
          "product_id": "4ES-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.18-11.3.ep5.el4.noarch"
        },
        "product_reference": "tomcat6-jsp-2.1-api-0:6.0.18-11.3.ep5.el4.noarch",
        "relates_to_product_reference": "4ES-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-lib-0:6.0.18-11.3.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
          "product_id": "4ES-JBEWS-5.0.0:tomcat6-lib-0:6.0.18-11.3.ep5.el4.noarch"
        },
        "product_reference": "tomcat6-lib-0:6.0.18-11.3.ep5.el4.noarch",
        "relates_to_product_reference": "4ES-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-log4j-0:6.0.18-11.3.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
          "product_id": "4ES-JBEWS-5.0.0:tomcat6-log4j-0:6.0.18-11.3.ep5.el4.noarch"
        },
        "product_reference": "tomcat6-log4j-0:6.0.18-11.3.ep5.el4.noarch",
        "relates_to_product_reference": "4ES-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-servlet-2.5-api-0:6.0.18-11.3.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
          "product_id": "4ES-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.18-11.3.ep5.el4.noarch"
        },
        "product_reference": "tomcat6-servlet-2.5-api-0:6.0.18-11.3.ep5.el4.noarch",
        "relates_to_product_reference": "4ES-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-webapps-0:6.0.18-11.3.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
          "product_id": "4ES-JBEWS-5.0.0:tomcat6-webapps-0:6.0.18-11.3.ep5.el4.noarch"
        },
        "product_reference": "tomcat6-webapps-0:6.0.18-11.3.ep5.el4.noarch",
        "relates_to_product_reference": "4ES-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-0:6.0.18-12.0.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server",
          "product_id": "5Server-JBEWS-5.0.0:tomcat6-0:6.0.18-12.0.ep5.el5.noarch"
        },
        "product_reference": "tomcat6-0:6.0.18-12.0.ep5.el5.noarch",
        "relates_to_product_reference": "5Server-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-0:6.0.18-12.0.ep5.el5.src as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server",
          "product_id": "5Server-JBEWS-5.0.0:tomcat6-0:6.0.18-12.0.ep5.el5.src"
        },
        "product_reference": "tomcat6-0:6.0.18-12.0.ep5.el5.src",
        "relates_to_product_reference": "5Server-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-admin-webapps-0:6.0.18-12.0.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server",
          "product_id": "5Server-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.18-12.0.ep5.el5.noarch"
        },
        "product_reference": "tomcat6-admin-webapps-0:6.0.18-12.0.ep5.el5.noarch",
        "relates_to_product_reference": "5Server-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-docs-webapp-0:6.0.18-12.0.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server",
          "product_id": "5Server-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.18-12.0.ep5.el5.noarch"
        },
        "product_reference": "tomcat6-docs-webapp-0:6.0.18-12.0.ep5.el5.noarch",
        "relates_to_product_reference": "5Server-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-el-1.0-api-0:6.0.18-12.0.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server",
          "product_id": "5Server-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.18-12.0.ep5.el5.noarch"
        },
        "product_reference": "tomcat6-el-1.0-api-0:6.0.18-12.0.ep5.el5.noarch",
        "relates_to_product_reference": "5Server-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-javadoc-0:6.0.18-12.0.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server",
          "product_id": "5Server-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.18-12.0.ep5.el5.noarch"
        },
        "product_reference": "tomcat6-javadoc-0:6.0.18-12.0.ep5.el5.noarch",
        "relates_to_product_reference": "5Server-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-jsp-2.1-api-0:6.0.18-12.0.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server",
          "product_id": "5Server-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.18-12.0.ep5.el5.noarch"
        },
        "product_reference": "tomcat6-jsp-2.1-api-0:6.0.18-12.0.ep5.el5.noarch",
        "relates_to_product_reference": "5Server-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-lib-0:6.0.18-12.0.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server",
          "product_id": "5Server-JBEWS-5.0.0:tomcat6-lib-0:6.0.18-12.0.ep5.el5.noarch"
        },
        "product_reference": "tomcat6-lib-0:6.0.18-12.0.ep5.el5.noarch",
        "relates_to_product_reference": "5Server-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-log4j-0:6.0.18-12.0.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server",
          "product_id": "5Server-JBEWS-5.0.0:tomcat6-log4j-0:6.0.18-12.0.ep5.el5.noarch"
        },
        "product_reference": "tomcat6-log4j-0:6.0.18-12.0.ep5.el5.noarch",
        "relates_to_product_reference": "5Server-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-servlet-2.5-api-0:6.0.18-12.0.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server",
          "product_id": "5Server-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.18-12.0.ep5.el5.noarch"
        },
        "product_reference": "tomcat6-servlet-2.5-api-0:6.0.18-12.0.ep5.el5.noarch",
        "relates_to_product_reference": "5Server-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat6-webapps-0:6.0.18-12.0.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server",
          "product_id": "5Server-JBEWS-5.0.0:tomcat6-webapps-0:6.0.18-12.0.ep5.el5.noarch"
        },
        "product_reference": "tomcat6-webapps-0:6.0.18-12.0.ep5.el5.noarch",
        "relates_to_product_reference": "5Server-JBEWS-5.0.0"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2008-5515",
      "discovery_date": "2009-06-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "504753"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat request dispatcher information disclosure vulnerability",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.src",
          "4AS-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.18-11.3.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.18-11.3.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.18-11.3.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.18-11.3.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.18-11.3.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat6-lib-0:6.0.18-11.3.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat6-log4j-0:6.0.18-11.3.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.18-11.3.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat6-webapps-0:6.0.18-11.3.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.src",
          "4ES-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.18-11.3.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.18-11.3.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.18-11.3.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.18-11.3.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.18-11.3.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat6-lib-0:6.0.18-11.3.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat6-log4j-0:6.0.18-11.3.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.18-11.3.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat6-webapps-0:6.0.18-11.3.ep5.el4.noarch",
          "5Server-JBEWS-5.0.0:tomcat6-0:6.0.18-12.0.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat6-0:6.0.18-12.0.ep5.el5.src",
          "5Server-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.18-12.0.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.18-12.0.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.18-12.0.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.18-12.0.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.18-12.0.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat6-lib-0:6.0.18-12.0.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat6-log4j-0:6.0.18-12.0.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.18-12.0.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat6-webapps-0:6.0.18-12.0.ep5.el5.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-5515"
        },
        {
          "category": "external",
          "summary": "RHBZ#504753",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504753"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-5515",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-5515"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5515",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5515"
        }
      ],
      "release_date": "2009-06-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-10-14T16:15:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.src",
            "4AS-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.18-11.3.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.18-11.3.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.18-11.3.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.18-11.3.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.18-11.3.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat6-lib-0:6.0.18-11.3.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat6-log4j-0:6.0.18-11.3.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.18-11.3.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat6-webapps-0:6.0.18-11.3.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.src",
            "4ES-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.18-11.3.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.18-11.3.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.18-11.3.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.18-11.3.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.18-11.3.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat6-lib-0:6.0.18-11.3.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat6-log4j-0:6.0.18-11.3.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.18-11.3.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat6-webapps-0:6.0.18-11.3.ep5.el4.noarch",
            "5Server-JBEWS-5.0.0:tomcat6-0:6.0.18-12.0.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat6-0:6.0.18-12.0.ep5.el5.src",
            "5Server-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.18-12.0.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.18-12.0.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.18-12.0.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.18-12.0.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.18-12.0.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat6-lib-0:6.0.18-12.0.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat6-log4j-0:6.0.18-12.0.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.18-12.0.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat6-webapps-0:6.0.18-12.0.ep5.el5.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1506"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "tomcat request dispatcher information disclosure vulnerability"
    },
    {
      "cve": "CVE-2009-0033",
      "discovery_date": "2009-01-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "493381"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat6 Denial-Of-Service with AJP connection",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.src",
          "4AS-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.18-11.3.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.18-11.3.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.18-11.3.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.18-11.3.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.18-11.3.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat6-lib-0:6.0.18-11.3.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat6-log4j-0:6.0.18-11.3.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.18-11.3.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat6-webapps-0:6.0.18-11.3.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.src",
          "4ES-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.18-11.3.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.18-11.3.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.18-11.3.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.18-11.3.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.18-11.3.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat6-lib-0:6.0.18-11.3.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat6-log4j-0:6.0.18-11.3.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.18-11.3.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat6-webapps-0:6.0.18-11.3.ep5.el4.noarch",
          "5Server-JBEWS-5.0.0:tomcat6-0:6.0.18-12.0.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat6-0:6.0.18-12.0.ep5.el5.src",
          "5Server-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.18-12.0.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.18-12.0.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.18-12.0.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.18-12.0.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.18-12.0.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat6-lib-0:6.0.18-12.0.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat6-log4j-0:6.0.18-12.0.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.18-12.0.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat6-webapps-0:6.0.18-12.0.ep5.el5.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-0033"
        },
        {
          "category": "external",
          "summary": "RHBZ#493381",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=493381"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0033",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-0033"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0033",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0033"
        }
      ],
      "release_date": "2009-06-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-10-14T16:15:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.src",
            "4AS-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.18-11.3.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.18-11.3.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.18-11.3.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.18-11.3.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.18-11.3.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat6-lib-0:6.0.18-11.3.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat6-log4j-0:6.0.18-11.3.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.18-11.3.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat6-webapps-0:6.0.18-11.3.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.src",
            "4ES-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.18-11.3.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.18-11.3.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.18-11.3.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.18-11.3.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.18-11.3.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat6-lib-0:6.0.18-11.3.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat6-log4j-0:6.0.18-11.3.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.18-11.3.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat6-webapps-0:6.0.18-11.3.ep5.el4.noarch",
            "5Server-JBEWS-5.0.0:tomcat6-0:6.0.18-12.0.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat6-0:6.0.18-12.0.ep5.el5.src",
            "5Server-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.18-12.0.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.18-12.0.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.18-12.0.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.18-12.0.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.18-12.0.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat6-lib-0:6.0.18-12.0.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat6-log4j-0:6.0.18-12.0.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.18-12.0.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat6-webapps-0:6.0.18-12.0.ep5.el5.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1506"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "products": [
            "4AS-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.src",
            "4AS-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.18-11.3.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.18-11.3.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.18-11.3.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.18-11.3.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.18-11.3.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat6-lib-0:6.0.18-11.3.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat6-log4j-0:6.0.18-11.3.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.18-11.3.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat6-webapps-0:6.0.18-11.3.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.src",
            "4ES-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.18-11.3.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.18-11.3.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.18-11.3.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.18-11.3.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.18-11.3.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat6-lib-0:6.0.18-11.3.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat6-log4j-0:6.0.18-11.3.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.18-11.3.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat6-webapps-0:6.0.18-11.3.ep5.el4.noarch",
            "5Server-JBEWS-5.0.0:tomcat6-0:6.0.18-12.0.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat6-0:6.0.18-12.0.ep5.el5.src",
            "5Server-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.18-12.0.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.18-12.0.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.18-12.0.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.18-12.0.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.18-12.0.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat6-lib-0:6.0.18-12.0.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat6-log4j-0:6.0.18-12.0.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.18-12.0.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat6-webapps-0:6.0.18-12.0.ep5.el5.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "tomcat6 Denial-Of-Service with AJP connection"
    },
    {
      "cve": "CVE-2009-0580",
      "discovery_date": "2009-06-03T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "503978"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat6 Information disclosure in authentication classes",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.src",
          "4AS-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.18-11.3.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.18-11.3.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.18-11.3.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.18-11.3.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.18-11.3.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat6-lib-0:6.0.18-11.3.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat6-log4j-0:6.0.18-11.3.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.18-11.3.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat6-webapps-0:6.0.18-11.3.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.src",
          "4ES-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.18-11.3.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.18-11.3.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.18-11.3.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.18-11.3.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.18-11.3.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat6-lib-0:6.0.18-11.3.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat6-log4j-0:6.0.18-11.3.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.18-11.3.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat6-webapps-0:6.0.18-11.3.ep5.el4.noarch",
          "5Server-JBEWS-5.0.0:tomcat6-0:6.0.18-12.0.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat6-0:6.0.18-12.0.ep5.el5.src",
          "5Server-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.18-12.0.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.18-12.0.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.18-12.0.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.18-12.0.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.18-12.0.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat6-lib-0:6.0.18-12.0.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat6-log4j-0:6.0.18-12.0.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.18-12.0.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat6-webapps-0:6.0.18-12.0.ep5.el5.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-0580"
        },
        {
          "category": "external",
          "summary": "RHBZ#503978",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503978"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0580",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-0580"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0580",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0580"
        }
      ],
      "release_date": "2009-06-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-10-14T16:15:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.src",
            "4AS-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.18-11.3.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.18-11.3.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.18-11.3.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.18-11.3.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.18-11.3.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat6-lib-0:6.0.18-11.3.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat6-log4j-0:6.0.18-11.3.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.18-11.3.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat6-webapps-0:6.0.18-11.3.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.src",
            "4ES-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.18-11.3.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.18-11.3.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.18-11.3.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.18-11.3.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.18-11.3.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat6-lib-0:6.0.18-11.3.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat6-log4j-0:6.0.18-11.3.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.18-11.3.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat6-webapps-0:6.0.18-11.3.ep5.el4.noarch",
            "5Server-JBEWS-5.0.0:tomcat6-0:6.0.18-12.0.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat6-0:6.0.18-12.0.ep5.el5.src",
            "5Server-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.18-12.0.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.18-12.0.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.18-12.0.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.18-12.0.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.18-12.0.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat6-lib-0:6.0.18-12.0.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat6-log4j-0:6.0.18-12.0.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.18-12.0.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat6-webapps-0:6.0.18-12.0.ep5.el5.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1506"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "4AS-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.src",
            "4AS-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.18-11.3.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.18-11.3.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.18-11.3.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.18-11.3.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.18-11.3.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat6-lib-0:6.0.18-11.3.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat6-log4j-0:6.0.18-11.3.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.18-11.3.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat6-webapps-0:6.0.18-11.3.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.src",
            "4ES-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.18-11.3.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.18-11.3.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.18-11.3.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.18-11.3.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.18-11.3.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat6-lib-0:6.0.18-11.3.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat6-log4j-0:6.0.18-11.3.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.18-11.3.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat6-webapps-0:6.0.18-11.3.ep5.el4.noarch",
            "5Server-JBEWS-5.0.0:tomcat6-0:6.0.18-12.0.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat6-0:6.0.18-12.0.ep5.el5.src",
            "5Server-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.18-12.0.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.18-12.0.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.18-12.0.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.18-12.0.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.18-12.0.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat6-lib-0:6.0.18-12.0.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat6-log4j-0:6.0.18-12.0.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.18-12.0.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat6-webapps-0:6.0.18-12.0.ep5.el5.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat6 Information disclosure in authentication classes"
    },
    {
      "cve": "CVE-2009-0783",
      "discovery_date": "2009-06-04T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "504153"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat XML parser information disclosure",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.src",
          "4AS-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.18-11.3.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.18-11.3.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.18-11.3.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.18-11.3.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.18-11.3.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat6-lib-0:6.0.18-11.3.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat6-log4j-0:6.0.18-11.3.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.18-11.3.ep5.el4.noarch",
          "4AS-JBEWS-5.0.0:tomcat6-webapps-0:6.0.18-11.3.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.src",
          "4ES-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.18-11.3.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.18-11.3.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.18-11.3.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.18-11.3.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.18-11.3.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat6-lib-0:6.0.18-11.3.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat6-log4j-0:6.0.18-11.3.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.18-11.3.ep5.el4.noarch",
          "4ES-JBEWS-5.0.0:tomcat6-webapps-0:6.0.18-11.3.ep5.el4.noarch",
          "5Server-JBEWS-5.0.0:tomcat6-0:6.0.18-12.0.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat6-0:6.0.18-12.0.ep5.el5.src",
          "5Server-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.18-12.0.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.18-12.0.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.18-12.0.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.18-12.0.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.18-12.0.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat6-lib-0:6.0.18-12.0.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat6-log4j-0:6.0.18-12.0.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.18-12.0.ep5.el5.noarch",
          "5Server-JBEWS-5.0.0:tomcat6-webapps-0:6.0.18-12.0.ep5.el5.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-0783"
        },
        {
          "category": "external",
          "summary": "RHBZ#504153",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504153"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0783",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-0783"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0783",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0783"
        }
      ],
      "release_date": "2009-06-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-10-14T16:15:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.src",
            "4AS-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.18-11.3.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.18-11.3.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.18-11.3.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.18-11.3.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.18-11.3.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat6-lib-0:6.0.18-11.3.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat6-log4j-0:6.0.18-11.3.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.18-11.3.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat6-webapps-0:6.0.18-11.3.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.src",
            "4ES-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.18-11.3.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.18-11.3.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.18-11.3.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.18-11.3.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.18-11.3.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat6-lib-0:6.0.18-11.3.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat6-log4j-0:6.0.18-11.3.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.18-11.3.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat6-webapps-0:6.0.18-11.3.ep5.el4.noarch",
            "5Server-JBEWS-5.0.0:tomcat6-0:6.0.18-12.0.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat6-0:6.0.18-12.0.ep5.el5.src",
            "5Server-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.18-12.0.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.18-12.0.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.18-12.0.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.18-12.0.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.18-12.0.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat6-lib-0:6.0.18-12.0.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat6-log4j-0:6.0.18-12.0.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.18-12.0.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat6-webapps-0:6.0.18-12.0.ep5.el5.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1506"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 1.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:M/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "4AS-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.src",
            "4AS-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.18-11.3.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.18-11.3.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.18-11.3.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.18-11.3.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.18-11.3.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat6-lib-0:6.0.18-11.3.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat6-log4j-0:6.0.18-11.3.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.18-11.3.ep5.el4.noarch",
            "4AS-JBEWS-5.0.0:tomcat6-webapps-0:6.0.18-11.3.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat6-0:6.0.18-11.3.ep5.el4.src",
            "4ES-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.18-11.3.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.18-11.3.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.18-11.3.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.18-11.3.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.18-11.3.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat6-lib-0:6.0.18-11.3.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat6-log4j-0:6.0.18-11.3.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.18-11.3.ep5.el4.noarch",
            "4ES-JBEWS-5.0.0:tomcat6-webapps-0:6.0.18-11.3.ep5.el4.noarch",
            "5Server-JBEWS-5.0.0:tomcat6-0:6.0.18-12.0.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat6-0:6.0.18-12.0.ep5.el5.src",
            "5Server-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.18-12.0.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.18-12.0.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.18-12.0.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.18-12.0.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.18-12.0.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat6-lib-0:6.0.18-12.0.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat6-log4j-0:6.0.18-12.0.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.18-12.0.ep5.el5.noarch",
            "5Server-JBEWS-5.0.0:tomcat6-webapps-0:6.0.18-12.0.ep5.el5.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat XML parser information disclosure"
    }
  ]
}

RHSA-2009:1562

Vulnerability from csaf_redhat - Published: 2009-11-09 15:26 - Updated: 2025-11-21 17:35

Summary

Red Hat Security Advisory: tomcat security update

Notes

Topic

Updated tomcat packages that fix several security issues are now available for Red Hat Application Server v2. This update has been rated as having important security impact by the Red Hat Security Response Team.

Details

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. It was discovered that the Red Hat Security Advisory RHSA-2007:0876 did not address all possible flaws in the way Tomcat handles certain characters and character sequences in cookie values. A remote attacker could use this flaw to obtain sensitive information, such as session IDs, and then use this information for session hijacking attacks. (CVE-2007-5333) Note: The fix for the CVE-2007-5333 flaw changes the default cookie processing behavior: With this update, version 0 cookies that contain values that must be quoted to be valid are automatically changed to version 1 cookies. To reactivate the previous, but insecure behavior, add the following entry to the "/etc/tomcat5/catalina.properties" file: org.apache.tomcat.util.http.ServerCookie.VERSION_SWITCH=false It was discovered that request dispatchers did not properly normalize user requests that have trailing query strings, allowing remote attackers to send specially-crafted requests that would cause an information leak. (CVE-2008-5515) A flaw was found in the way the Tomcat AJP (Apache JServ Protocol) connector processes AJP connections. An attacker could use this flaw to send specially-crafted requests that would cause a temporary denial of service. (CVE-2009-0033) It was discovered that the error checking methods of certain authentication classes did not have sufficient error checking, allowing remote attackers to enumerate (via brute force methods) usernames registered with applications running on Tomcat when FORM-based authentication was used. (CVE-2009-0580) A cross-site scripting (XSS) flaw was found in the examples calendar application. With some web browsers, remote attackers could use this flaw to inject arbitrary web script or HTML via the "time" parameter. (CVE-2009-0781) It was discovered that web applications containing their own XML parsers could replace the XML parser Tomcat uses to parse configuration files. A malicious web application running on a Tomcat instance could read or, potentially, modify the configuration and XML-based data of other web applications deployed on the same Tomcat instance. (CVE-2009-0783) Users of Tomcat should upgrade to these updated packages, which contain backported patches to resolve these issues. Tomcat must be restarted for this update to take effect.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated tomcat packages that fix several security issues are now available\nfor Red Hat Application Server v2.\n\nThis update has been rated as having important security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nIt was discovered that the Red Hat Security Advisory RHSA-2007:0876 did not\naddress all possible flaws in the way Tomcat handles certain characters and\ncharacter sequences in cookie values. A remote attacker could use this flaw\nto obtain sensitive information, such as session IDs, and then use this\ninformation for session hijacking attacks. (CVE-2007-5333)\n\nNote: The fix for the CVE-2007-5333 flaw changes the default cookie\nprocessing behavior: With this update, version 0 cookies that contain\nvalues that must be quoted to be valid are automatically changed to version\n1 cookies. To reactivate the previous, but insecure behavior, add the\nfollowing entry to the \"/etc/tomcat5/catalina.properties\" file:\n\norg.apache.tomcat.util.http.ServerCookie.VERSION_SWITCH=false\n\nIt was discovered that request dispatchers did not properly normalize user\nrequests that have trailing query strings, allowing remote attackers to\nsend specially-crafted requests that would cause an information leak.\n(CVE-2008-5515)\n\nA flaw was found in the way the Tomcat AJP (Apache JServ Protocol)\nconnector processes AJP connections. An attacker could use this flaw to\nsend specially-crafted requests that would cause a temporary denial of\nservice. (CVE-2009-0033)\n\nIt was discovered that the error checking methods of certain authentication\nclasses did not have sufficient error checking, allowing remote attackers\nto enumerate (via brute force methods) usernames registered with\napplications running on Tomcat when FORM-based authentication was used.\n(CVE-2009-0580)\n\nA cross-site scripting (XSS) flaw was found in the examples calendar\napplication. With some web browsers, remote attackers could use this flaw\nto inject arbitrary web script or HTML via the \"time\" parameter.\n(CVE-2009-0781)\n\nIt was discovered that web applications containing their own XML parsers\ncould replace the XML parser Tomcat uses to parse configuration files. A\nmalicious web application running on a Tomcat instance could read or,\npotentially, modify the configuration and XML-based data of other web\napplications deployed on the same Tomcat instance. (CVE-2009-0783)\n\nUsers of Tomcat should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. Tomcat must be restarted for\nthis update to take effect.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2009:1562",
        "url": "https://access.redhat.com/errata/RHSA-2009:1562"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "http://tomcat.apache.org/security-5.html",
        "url": "http://tomcat.apache.org/security-5.html"
      },
      {
        "category": "external",
        "summary": "427766",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427766"
      },
      {
        "category": "external",
        "summary": "489028",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=489028"
      },
      {
        "category": "external",
        "summary": "493381",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=493381"
      },
      {
        "category": "external",
        "summary": "503978",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503978"
      },
      {
        "category": "external",
        "summary": "504153",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504153"
      },
      {
        "category": "external",
        "summary": "504753",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504753"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_1562.json"
      }
    ],
    "title": "Red Hat Security Advisory: tomcat security update",
    "tracking": {
      "current_release_date": "2025-11-21T17:35:26+00:00",
      "generator": {
        "date": "2025-11-21T17:35:26+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2009:1562",
      "initial_release_date": "2009-11-09T15:26:00+00:00",
      "revision_history": [
        {
          "date": "2009-11-09T15:26:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2009-11-09T10:26:22+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T17:35:26+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Application Server v2 4AS",
                "product": {
                  "name": "Red Hat Application Server v2 4AS",
                  "product_id": "4AS-RHAPS2",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_application_server:2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Application Server v2 4ES",
                "product": {
                  "name": "Red Hat Application Server v2 4ES",
                  "product_id": "4ES-RHAPS2",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_application_server:2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Application Server v2 4WS",
                "product": {
                  "name": "Red Hat Application Server v2 4WS",
                  "product_id": "4WS-RHAPS2",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_application_server:2"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Application Server"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch",
                "product": {
                  "name": "tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch",
                  "product_id": "tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-webapps@5.5.23-0jpp_4rh.16?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
                "product": {
                  "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
                  "product_id": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api-javadoc@5.5.23-0jpp_4rh.16?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
                "product": {
                  "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
                  "product_id": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp_4rh.16?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
                "product": {
                  "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
                  "product_id": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp_4rh.16?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
                "product": {
                  "name": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
                  "product_id": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp_4rh.16?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
                "product": {
                  "name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
                  "product_id": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp_4rh.16?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
                "product": {
                  "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
                  "product_id": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api-javadoc@5.5.23-0jpp_4rh.16?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
                "product": {
                  "name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
                  "product_id": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp_4rh.16?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
                "product": {
                  "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
                  "product_id": "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-jasper-javadoc@5.5.23-0jpp_4rh.16?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
                "product": {
                  "name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
                  "product_id": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp_4rh.16?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch",
                "product": {
                  "name": "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch",
                  "product_id": "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-admin-webapps@5.5.23-0jpp_4rh.16?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "tomcat5-0:5.5.23-0jpp_4rh.16.src",
                "product": {
                  "name": "tomcat5-0:5.5.23-0jpp_4rh.16.src",
                  "product_id": "tomcat5-0:5.5.23-0jpp_4rh.16.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp_4rh.16?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Application Server v2 4AS",
          "product_id": "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch"
        },
        "product_reference": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
        "relates_to_product_reference": "4AS-RHAPS2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.5.23-0jpp_4rh.16.src as a component of Red Hat Application Server v2 4AS",
          "product_id": "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src"
        },
        "product_reference": "tomcat5-0:5.5.23-0jpp_4rh.16.src",
        "relates_to_product_reference": "4AS-RHAPS2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Application Server v2 4AS",
          "product_id": "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch"
        },
        "product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch",
        "relates_to_product_reference": "4AS-RHAPS2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Application Server v2 4AS",
          "product_id": "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch"
        },
        "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
        "relates_to_product_reference": "4AS-RHAPS2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Application Server v2 4AS",
          "product_id": "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch"
        },
        "product_reference": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
        "relates_to_product_reference": "4AS-RHAPS2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Application Server v2 4AS",
          "product_id": "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch"
        },
        "product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
        "relates_to_product_reference": "4AS-RHAPS2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Application Server v2 4AS",
          "product_id": "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch"
        },
        "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
        "relates_to_product_reference": "4AS-RHAPS2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Application Server v2 4AS",
          "product_id": "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch"
        },
        "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
        "relates_to_product_reference": "4AS-RHAPS2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Application Server v2 4AS",
          "product_id": "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch"
        },
        "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
        "relates_to_product_reference": "4AS-RHAPS2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Application Server v2 4AS",
          "product_id": "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch"
        },
        "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
        "relates_to_product_reference": "4AS-RHAPS2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Application Server v2 4AS",
          "product_id": "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch"
        },
        "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
        "relates_to_product_reference": "4AS-RHAPS2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Application Server v2 4AS",
          "product_id": "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch"
        },
        "product_reference": "tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch",
        "relates_to_product_reference": "4AS-RHAPS2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Application Server v2 4ES",
          "product_id": "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch"
        },
        "product_reference": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
        "relates_to_product_reference": "4ES-RHAPS2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.5.23-0jpp_4rh.16.src as a component of Red Hat Application Server v2 4ES",
          "product_id": "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src"
        },
        "product_reference": "tomcat5-0:5.5.23-0jpp_4rh.16.src",
        "relates_to_product_reference": "4ES-RHAPS2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Application Server v2 4ES",
          "product_id": "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch"
        },
        "product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch",
        "relates_to_product_reference": "4ES-RHAPS2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Application Server v2 4ES",
          "product_id": "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch"
        },
        "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
        "relates_to_product_reference": "4ES-RHAPS2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Application Server v2 4ES",
          "product_id": "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch"
        },
        "product_reference": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
        "relates_to_product_reference": "4ES-RHAPS2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Application Server v2 4ES",
          "product_id": "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch"
        },
        "product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
        "relates_to_product_reference": "4ES-RHAPS2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Application Server v2 4ES",
          "product_id": "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch"
        },
        "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
        "relates_to_product_reference": "4ES-RHAPS2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Application Server v2 4ES",
          "product_id": "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch"
        },
        "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
        "relates_to_product_reference": "4ES-RHAPS2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Application Server v2 4ES",
          "product_id": "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch"
        },
        "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
        "relates_to_product_reference": "4ES-RHAPS2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Application Server v2 4ES",
          "product_id": "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch"
        },
        "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
        "relates_to_product_reference": "4ES-RHAPS2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Application Server v2 4ES",
          "product_id": "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch"
        },
        "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
        "relates_to_product_reference": "4ES-RHAPS2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Application Server v2 4ES",
          "product_id": "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch"
        },
        "product_reference": "tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch",
        "relates_to_product_reference": "4ES-RHAPS2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Application Server v2 4WS",
          "product_id": "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch"
        },
        "product_reference": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
        "relates_to_product_reference": "4WS-RHAPS2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.5.23-0jpp_4rh.16.src as a component of Red Hat Application Server v2 4WS",
          "product_id": "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src"
        },
        "product_reference": "tomcat5-0:5.5.23-0jpp_4rh.16.src",
        "relates_to_product_reference": "4WS-RHAPS2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Application Server v2 4WS",
          "product_id": "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch"
        },
        "product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch",
        "relates_to_product_reference": "4WS-RHAPS2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Application Server v2 4WS",
          "product_id": "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch"
        },
        "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
        "relates_to_product_reference": "4WS-RHAPS2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Application Server v2 4WS",
          "product_id": "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch"
        },
        "product_reference": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
        "relates_to_product_reference": "4WS-RHAPS2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Application Server v2 4WS",
          "product_id": "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch"
        },
        "product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
        "relates_to_product_reference": "4WS-RHAPS2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Application Server v2 4WS",
          "product_id": "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch"
        },
        "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
        "relates_to_product_reference": "4WS-RHAPS2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Application Server v2 4WS",
          "product_id": "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch"
        },
        "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
        "relates_to_product_reference": "4WS-RHAPS2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Application Server v2 4WS",
          "product_id": "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch"
        },
        "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
        "relates_to_product_reference": "4WS-RHAPS2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Application Server v2 4WS",
          "product_id": "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch"
        },
        "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
        "relates_to_product_reference": "4WS-RHAPS2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Application Server v2 4WS",
          "product_id": "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch"
        },
        "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
        "relates_to_product_reference": "4WS-RHAPS2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Application Server v2 4WS",
          "product_id": "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch"
        },
        "product_reference": "tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch",
        "relates_to_product_reference": "4WS-RHAPS2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2007-5333",
      "discovery_date": "2008-01-07T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "427766"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (\") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.  NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Improve cookie parsing for tomcat5",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-5333\n\nThe Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw.",
          "title": "Statement"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch",
          "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch",
          "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
          "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
          "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
          "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-5333"
        },
        {
          "category": "external",
          "summary": "RHBZ#427766",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427766"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-5333",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-5333"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5333",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5333"
        }
      ],
      "release_date": "2008-02-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-11-09T15:26:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1562"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "Improve cookie parsing for tomcat5"
    },
    {
      "cve": "CVE-2008-5515",
      "discovery_date": "2009-06-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "504753"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat request dispatcher information disclosure vulnerability",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch",
          "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch",
          "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
          "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
          "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
          "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-5515"
        },
        {
          "category": "external",
          "summary": "RHBZ#504753",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504753"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-5515",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-5515"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5515",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5515"
        }
      ],
      "release_date": "2009-06-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-11-09T15:26:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1562"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "tomcat request dispatcher information disclosure vulnerability"
    },
    {
      "cve": "CVE-2009-0033",
      "discovery_date": "2009-01-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "493381"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat6 Denial-Of-Service with AJP connection",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch",
          "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch",
          "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
          "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
          "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
          "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-0033"
        },
        {
          "category": "external",
          "summary": "RHBZ#493381",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=493381"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0033",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-0033"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0033",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0033"
        }
      ],
      "release_date": "2009-06-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-11-09T15:26:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1562"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "products": [
            "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "tomcat6 Denial-Of-Service with AJP connection"
    },
    {
      "cve": "CVE-2009-0580",
      "discovery_date": "2009-06-03T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "503978"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat6 Information disclosure in authentication classes",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch",
          "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch",
          "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
          "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
          "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
          "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-0580"
        },
        {
          "category": "external",
          "summary": "RHBZ#503978",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503978"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0580",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-0580"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0580",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0580"
        }
      ],
      "release_date": "2009-06-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-11-09T15:26:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1562"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat6 Information disclosure in authentication classes"
    },
    {
      "cve": "CVE-2009-0781",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2009-03-06T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "489028"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to \"invalid HTML.\"",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat: XSS in Apache Tomcat calendar application",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2009-0781\n\nThe Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: https://access.redhat.com/security/updates/classification/",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch",
          "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch",
          "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
          "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
          "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
          "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-0781"
        },
        {
          "category": "external",
          "summary": "RHBZ#489028",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=489028"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0781",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-0781"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0781",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0781"
        }
      ],
      "release_date": "2009-03-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-11-09T15:26:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1562"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "products": [
            "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat: XSS in Apache Tomcat calendar application"
    },
    {
      "cve": "CVE-2009-0783",
      "discovery_date": "2009-06-04T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "504153"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat XML parser information disclosure",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
          "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
          "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch",
          "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
          "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src",
          "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch",
          "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
          "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
          "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
          "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
          "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
          "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
          "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-0783"
        },
        {
          "category": "external",
          "summary": "RHBZ#504153",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504153"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0783",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-0783"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0783",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0783"
        }
      ],
      "release_date": "2009-06-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-11-09T15:26:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1562"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 1.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:M/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.16.src",
            "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.16.noarch",
            "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.16.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat XML parser information disclosure"
    }
  ]
}

RHSA-2009:1144

Vulnerability from csaf_redhat - Published: 2009-07-06 11:42 - Updated: 2025-11-21 17:34

Summary

Red Hat Security Advisory: JBoss Enterprise Application Platform 4.2.0.CP07 update

Notes

Topic

Updated JBoss Enterprise Application Platform (JBEAP) 4.2 packages that fix various issues are now available for Red Hat Enterprise Linux 4 as JBEAP 4.2.0.CP07. This update has been rated as having important security impact by the Red Hat Security Response Team.

Details

JBoss Enterprise Application Platform is the market leading platform for innovative and scalable Java applications; integrating the JBoss Application Server, with JBoss Hibernate and JBoss Seam into a complete, simple enterprise solution. This release of JBEAP for Red Hat Enterprise Linux 4 serves as a replacement to JBEAP 4.2.0.CP06. These updated packages include bug fixes and enhancements which are detailed in the release notes. The link to the release notes is available below in the References section of this errata. The following security issues are also fixed with this release: It was discovered that request dispatchers did not properly normalize user requests that have trailing query strings, allowing remote attackers to send specially-crafted requests that would cause an information leak. (CVE-2008-5515) It was discovered that the error checking methods of certain authentication classes did not have sufficient error checking, allowing remote attackers to enumerate (via brute force methods) usernames registered with applications deployed on JBossWeb when FORM-based authentication was used. (CVE-2009-0580) It was discovered that web applications containing their own XML parsers could replace the XML parser JBossWeb uses to parse configuration files. A malicious web application running on a JBossWeb instance could read or, potentially, modify the configuration and XML-based data of other web applications deployed on the same JBossWeb instance. (CVE-2009-0783) Warning: before applying this update, please back up the JBEAP "server/[configuration]/deploy/" directory, and any other customized configuration files. All users of JBEAP 4.2 on Red Hat Enterprise Linux 4 are advised to upgrade to these updated packages.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated JBoss Enterprise Application Platform (JBEAP) 4.2 packages that fix\nvarious issues are now available for Red Hat Enterprise Linux 4 as JBEAP\n4.2.0.CP07.\n\nThis update has been rated as having important security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "JBoss Enterprise Application Platform is the market leading platform for\ninnovative and scalable Java applications; integrating the JBoss\nApplication Server, with JBoss Hibernate and JBoss Seam into a complete,\nsimple enterprise solution.\n\nThis release of JBEAP for Red Hat Enterprise Linux 4 serves as a\nreplacement to JBEAP 4.2.0.CP06.\n\nThese updated packages include bug fixes and enhancements which are\ndetailed in the release notes. The link to the release notes is available\nbelow in the References section of this errata.\n\nThe following security issues are also fixed with this release:\n\nIt was discovered that request dispatchers did not properly normalize user\nrequests that have trailing query strings, allowing remote attackers to\nsend specially-crafted requests that would cause an information leak.\n(CVE-2008-5515)\n\nIt was discovered that the error checking methods of certain authentication\nclasses did not have sufficient error checking, allowing remote attackers\nto enumerate (via brute force methods) usernames registered with\napplications deployed on JBossWeb when FORM-based authentication was used.\n(CVE-2009-0580)\n\nIt was discovered that web applications containing their own XML parsers\ncould replace the XML parser JBossWeb uses to parse configuration files. A\nmalicious web application running on a JBossWeb instance could read or,\npotentially, modify the configuration and XML-based data of other web\napplications deployed on the same JBossWeb instance. (CVE-2009-0783)\n\nWarning: before applying this update, please back up the JBEAP\n\"server/[configuration]/deploy/\" directory, and any other customized\nconfiguration files.\n\nAll users of JBEAP 4.2 on Red Hat Enterprise Linux 4 are advised to upgrade\nto these updated packages.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2009:1144",
        "url": "https://access.redhat.com/errata/RHSA-2009:1144"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp07/html-single/Release_Notes/index.html",
        "url": "http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp07/html-single/Release_Notes/index.html"
      },
      {
        "category": "external",
        "summary": "499605",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=499605"
      },
      {
        "category": "external",
        "summary": "503978",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503978"
      },
      {
        "category": "external",
        "summary": "504153",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504153"
      },
      {
        "category": "external",
        "summary": "504753",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504753"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_1144.json"
      }
    ],
    "title": "Red Hat Security Advisory: JBoss Enterprise Application Platform 4.2.0.CP07 update",
    "tracking": {
      "current_release_date": "2025-11-21T17:34:53+00:00",
      "generator": {
        "date": "2025-11-21T17:34:53+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2009:1144",
      "initial_release_date": "2009-07-06T11:42:00+00:00",
      "revision_history": [
        {
          "date": "2009-07-06T11:42:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2009-07-06T07:42:33+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T17:34:53+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
                "product": {
                  "name": "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
                  "product_id": "4AS-JBEAP",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
                "product": {
                  "name": "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
                  "product_id": "4ES-JBEAP",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss Enterprise Application Platform"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src",
                "product": {
                  "name": "hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src",
                  "product_id": "hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hsqldb@1.8.0.8-2.patch02.1jpp.ep1.2.el4?arch=src\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jgroups-1:2.4.6-1.ep1.el4.src",
                "product": {
                  "name": "jgroups-1:2.4.6-1.ep1.el4.src",
                  "product_id": "jgroups-1:2.4.6-1.ep1.el4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jgroups@2.4.6-1.ep1.el4?arch=src\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src",
                "product": {
                  "name": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src",
                  "product_id": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-cache@1.4.1-6.SP13.1.ep1.el4?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src",
                "product": {
                  "name": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src",
                  "product_id": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossts@4.2.3-1.SP5_CP05.1jpp.ep1.1.el4?arch=src\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jakarta-slide-webdavclient-0:2.1-9.2.el4.src",
                "product": {
                  "name": "jakarta-slide-webdavclient-0:2.1-9.2.el4.src",
                  "product_id": "jakarta-slide-webdavclient-0:2.1-9.2.el4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jakarta-slide-webdavclient@2.1-9.2.el4?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src",
                "product": {
                  "name": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src",
                  "product_id": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3@3.2.4-1.SP1_CP08.0jpp.ep1.2.el4?arch=src\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src",
                "product": {
                  "name": "xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src",
                  "product_id": "xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/xerces-j2@2.7.1-9jpp.ep1.2.el4?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-remoting-0:2.2.3-2.ep1.el4.src",
                "product": {
                  "name": "jboss-remoting-0:2.2.3-2.ep1.el4.src",
                  "product_id": "jboss-remoting-0:2.2.3-2.ep1.el4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-remoting@2.2.3-2.ep1.el4?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src",
                "product": {
                  "name": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src",
                  "product_id": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3-commons-annotations@3.0.0-1jpp.ep1.5.el4?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src",
                "product": {
                  "name": "hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src",
                  "product_id": "hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3-annotations@3.3.1-1.10.GA_CP01.ep1.el4?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src",
                "product": {
                  "name": "hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src",
                  "product_id": "hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3-entitymanager@3.3.2-2.4.ep1.el4?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src",
                "product": {
                  "name": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src",
                  "product_id": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3-validator@3.0.0-1jpp.ep1.8.el4?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src",
                "product": {
                  "name": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src",
                  "product_id": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossweb@2.0.0-6.CP11.0jpp.ep1.1.el4?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-seam-0:1.2.1-1.ep1.19.el4.src",
                "product": {
                  "name": "jboss-seam-0:1.2.1-1.ep1.19.el4.src",
                  "product_id": "jboss-seam-0:1.2.1-1.ep1.19.el4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-seam@1.2.1-1.ep1.19.el4?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.src",
                "product": {
                  "name": "rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.src",
                  "product_id": "rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rh-eap-docs@4.2.0-5.GA_CP07.ep1.1.el4?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.src",
                "product": {
                  "name": "jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.src",
                  "product_id": "jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas@4.2.0-4.GA_CP07.5.ep1.el4?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch",
                "product": {
                  "name": "hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch",
                  "product_id": "hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hsqldb@1.8.0.8-2.patch02.1jpp.ep1.2.el4?arch=noarch\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jgroups-1:2.4.6-1.ep1.el4.noarch",
                "product": {
                  "name": "jgroups-1:2.4.6-1.ep1.el4.noarch",
                  "product_id": "jgroups-1:2.4.6-1.ep1.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jgroups@2.4.6-1.ep1.el4?arch=noarch\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch",
                "product": {
                  "name": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch",
                  "product_id": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-cache@1.4.1-6.SP13.1.ep1.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch",
                "product": {
                  "name": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch",
                  "product_id": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossts@4.2.3-1.SP5_CP05.1jpp.ep1.1.el4?arch=noarch\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch",
                "product": {
                  "name": "jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch",
                  "product_id": "jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jakarta-slide-webdavclient@2.1-9.2.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
                "product": {
                  "name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
                  "product_id": "hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3-javadoc@3.2.4-1.SP1_CP08.0jpp.ep1.2.el4?arch=noarch\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
                "product": {
                  "name": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
                  "product_id": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3@3.2.4-1.SP1_CP08.0jpp.ep1.2.el4?arch=noarch\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch",
                "product": {
                  "name": "xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch",
                  "product_id": "xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/xerces-j2@2.7.1-9jpp.ep1.2.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-remoting-0:2.2.3-2.ep1.el4.noarch",
                "product": {
                  "name": "jboss-remoting-0:2.2.3-2.ep1.el4.noarch",
                  "product_id": "jboss-remoting-0:2.2.3-2.ep1.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-remoting@2.2.3-2.ep1.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch",
                "product": {
                  "name": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch",
                  "product_id": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3-commons-annotations@3.0.0-1jpp.ep1.5.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch",
                "product": {
                  "name": "hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch",
                  "product_id": "hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3-commons-annotations-javadoc@3.0.0-1jpp.ep1.5.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
                "product": {
                  "name": "hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
                  "product_id": "hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3-annotations@3.3.1-1.10.GA_CP01.ep1.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
                "product": {
                  "name": "hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
                  "product_id": "hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3-annotations-javadoc@3.3.1-1.10.GA_CP01.ep1.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch",
                "product": {
                  "name": "hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch",
                  "product_id": "hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3-entitymanager@3.3.2-2.4.ep1.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch",
                "product": {
                  "name": "hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch",
                  "product_id": "hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3-entitymanager-javadoc@3.3.2-2.4.ep1.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch",
                "product": {
                  "name": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch",
                  "product_id": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3-validator@3.0.0-1jpp.ep1.8.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch",
                "product": {
                  "name": "hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch",
                  "product_id": "hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/hibernate3-validator-javadoc@3.0.0-1jpp.ep1.8.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch",
                "product": {
                  "name": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch",
                  "product_id": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossweb@2.0.0-6.CP11.0jpp.ep1.1.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-seam-docs-0:1.2.1-1.ep1.19.el4.noarch",
                "product": {
                  "name": "jboss-seam-docs-0:1.2.1-1.ep1.19.el4.noarch",
                  "product_id": "jboss-seam-docs-0:1.2.1-1.ep1.19.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-seam-docs@1.2.1-1.ep1.19.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jboss-seam-0:1.2.1-1.ep1.19.el4.noarch",
                "product": {
                  "name": "jboss-seam-0:1.2.1-1.ep1.19.el4.noarch",
                  "product_id": "jboss-seam-0:1.2.1-1.ep1.19.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jboss-seam@1.2.1-1.ep1.19.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rh-eap-docs-examples-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch",
                "product": {
                  "name": "rh-eap-docs-examples-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch",
                  "product_id": "rh-eap-docs-examples-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rh-eap-docs-examples@4.2.0-5.GA_CP07.ep1.1.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch",
                "product": {
                  "name": "rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch",
                  "product_id": "rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rh-eap-docs@4.2.0-5.GA_CP07.ep1.1.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossas-client-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch",
                "product": {
                  "name": "jbossas-client-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch",
                  "product_id": "jbossas-client-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas-client@4.2.0-4.GA_CP07.5.ep1.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossas-4.2.0.GA_CP07-bin-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch",
                "product": {
                  "name": "jbossas-4.2.0.GA_CP07-bin-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch",
                  "product_id": "jbossas-4.2.0.GA_CP07-bin-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas-4.2.0.GA_CP07-bin@4.2.0-4.GA_CP07.5.ep1.el4?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch",
                "product": {
                  "name": "jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch",
                  "product_id": "jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossas@4.2.0-4.GA_CP07.5.ep1.el4?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch"
        },
        "product_reference": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src"
        },
        "product_reference": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch"
        },
        "product_reference": "hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src"
        },
        "product_reference": "hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch"
        },
        "product_reference": "hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch"
        },
        "product_reference": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src"
        },
        "product_reference": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch"
        },
        "product_reference": "hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch"
        },
        "product_reference": "hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src"
        },
        "product_reference": "hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch"
        },
        "product_reference": "hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch"
        },
        "product_reference": "hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch"
        },
        "product_reference": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src"
        },
        "product_reference": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch"
        },
        "product_reference": "hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch"
        },
        "product_reference": "hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src"
        },
        "product_reference": "hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch"
        },
        "product_reference": "jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jakarta-slide-webdavclient-0:2.1-9.2.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:jakarta-slide-webdavclient-0:2.1-9.2.el4.src"
        },
        "product_reference": "jakarta-slide-webdavclient-0:2.1-9.2.el4.src",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch"
        },
        "product_reference": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src"
        },
        "product_reference": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-remoting-0:2.2.3-2.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:jboss-remoting-0:2.2.3-2.ep1.el4.noarch"
        },
        "product_reference": "jboss-remoting-0:2.2.3-2.ep1.el4.noarch",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-remoting-0:2.2.3-2.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:jboss-remoting-0:2.2.3-2.ep1.el4.src"
        },
        "product_reference": "jboss-remoting-0:2.2.3-2.ep1.el4.src",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-seam-0:1.2.1-1.ep1.19.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.19.el4.noarch"
        },
        "product_reference": "jboss-seam-0:1.2.1-1.ep1.19.el4.noarch",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-seam-0:1.2.1-1.ep1.19.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.19.el4.src"
        },
        "product_reference": "jboss-seam-0:1.2.1-1.ep1.19.el4.src",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-seam-docs-0:1.2.1-1.ep1.19.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.19.el4.noarch"
        },
        "product_reference": "jboss-seam-docs-0:1.2.1-1.ep1.19.el4.noarch",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch"
        },
        "product_reference": "jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.src"
        },
        "product_reference": "jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.src",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-4.2.0.GA_CP07-bin-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:jbossas-4.2.0.GA_CP07-bin-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch"
        },
        "product_reference": "jbossas-4.2.0.GA_CP07-bin-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-client-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:jbossas-client-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch"
        },
        "product_reference": "jbossas-client-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch"
        },
        "product_reference": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src"
        },
        "product_reference": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch"
        },
        "product_reference": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src"
        },
        "product_reference": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jgroups-1:2.4.6-1.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:jgroups-1:2.4.6-1.ep1.el4.noarch"
        },
        "product_reference": "jgroups-1:2.4.6-1.ep1.el4.noarch",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jgroups-1:2.4.6-1.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:jgroups-1:2.4.6-1.ep1.el4.src"
        },
        "product_reference": "jgroups-1:2.4.6-1.ep1.el4.src",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch"
        },
        "product_reference": "rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.src"
        },
        "product_reference": "rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.src",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-eap-docs-examples-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:rh-eap-docs-examples-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch"
        },
        "product_reference": "rh-eap-docs-examples-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch"
        },
        "product_reference": "xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
          "product_id": "4AS-JBEAP:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src"
        },
        "product_reference": "xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src",
        "relates_to_product_reference": "4AS-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch"
        },
        "product_reference": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src"
        },
        "product_reference": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch"
        },
        "product_reference": "hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src"
        },
        "product_reference": "hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch"
        },
        "product_reference": "hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch"
        },
        "product_reference": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src"
        },
        "product_reference": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch"
        },
        "product_reference": "hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch"
        },
        "product_reference": "hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src"
        },
        "product_reference": "hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch"
        },
        "product_reference": "hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch"
        },
        "product_reference": "hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch"
        },
        "product_reference": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src"
        },
        "product_reference": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch"
        },
        "product_reference": "hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch"
        },
        "product_reference": "hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src"
        },
        "product_reference": "hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch"
        },
        "product_reference": "jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jakarta-slide-webdavclient-0:2.1-9.2.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:jakarta-slide-webdavclient-0:2.1-9.2.el4.src"
        },
        "product_reference": "jakarta-slide-webdavclient-0:2.1-9.2.el4.src",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch"
        },
        "product_reference": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src"
        },
        "product_reference": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-remoting-0:2.2.3-2.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:jboss-remoting-0:2.2.3-2.ep1.el4.noarch"
        },
        "product_reference": "jboss-remoting-0:2.2.3-2.ep1.el4.noarch",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-remoting-0:2.2.3-2.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:jboss-remoting-0:2.2.3-2.ep1.el4.src"
        },
        "product_reference": "jboss-remoting-0:2.2.3-2.ep1.el4.src",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-seam-0:1.2.1-1.ep1.19.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.19.el4.noarch"
        },
        "product_reference": "jboss-seam-0:1.2.1-1.ep1.19.el4.noarch",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-seam-0:1.2.1-1.ep1.19.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.19.el4.src"
        },
        "product_reference": "jboss-seam-0:1.2.1-1.ep1.19.el4.src",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jboss-seam-docs-0:1.2.1-1.ep1.19.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.19.el4.noarch"
        },
        "product_reference": "jboss-seam-docs-0:1.2.1-1.ep1.19.el4.noarch",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch"
        },
        "product_reference": "jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.src"
        },
        "product_reference": "jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.src",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-4.2.0.GA_CP07-bin-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:jbossas-4.2.0.GA_CP07-bin-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch"
        },
        "product_reference": "jbossas-4.2.0.GA_CP07-bin-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossas-client-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:jbossas-client-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch"
        },
        "product_reference": "jbossas-client-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch"
        },
        "product_reference": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src"
        },
        "product_reference": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch"
        },
        "product_reference": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src"
        },
        "product_reference": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jgroups-1:2.4.6-1.ep1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:jgroups-1:2.4.6-1.ep1.el4.noarch"
        },
        "product_reference": "jgroups-1:2.4.6-1.ep1.el4.noarch",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jgroups-1:2.4.6-1.ep1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:jgroups-1:2.4.6-1.ep1.el4.src"
        },
        "product_reference": "jgroups-1:2.4.6-1.ep1.el4.src",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch"
        },
        "product_reference": "rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.src"
        },
        "product_reference": "rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.src",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-eap-docs-examples-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:rh-eap-docs-examples-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch"
        },
        "product_reference": "rh-eap-docs-examples-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch"
        },
        "product_reference": "xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch",
        "relates_to_product_reference": "4ES-JBEAP"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
          "product_id": "4ES-JBEAP:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src"
        },
        "product_reference": "xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src",
        "relates_to_product_reference": "4ES-JBEAP"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2008-5515",
      "discovery_date": "2009-06-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "504753"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat request dispatcher information disclosure vulnerability",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
          "4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src",
          "4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
          "4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src",
          "4AS-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
          "4AS-JBEAP:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch",
          "4AS-JBEAP:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src",
          "4AS-JBEAP:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch",
          "4AS-JBEAP:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch",
          "4AS-JBEAP:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src",
          "4AS-JBEAP:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch",
          "4AS-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
          "4AS-JBEAP:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch",
          "4AS-JBEAP:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src",
          "4AS-JBEAP:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch",
          "4AS-JBEAP:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch",
          "4AS-JBEAP:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src",
          "4AS-JBEAP:jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch",
          "4AS-JBEAP:jakarta-slide-webdavclient-0:2.1-9.2.el4.src",
          "4AS-JBEAP:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch",
          "4AS-JBEAP:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src",
          "4AS-JBEAP:jboss-remoting-0:2.2.3-2.ep1.el4.noarch",
          "4AS-JBEAP:jboss-remoting-0:2.2.3-2.ep1.el4.src",
          "4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.19.el4.noarch",
          "4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.19.el4.src",
          "4AS-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.19.el4.noarch",
          "4AS-JBEAP:jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch",
          "4AS-JBEAP:jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.src",
          "4AS-JBEAP:jbossas-4.2.0.GA_CP07-bin-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch",
          "4AS-JBEAP:jbossas-client-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch",
          "4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch",
          "4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src",
          "4AS-JBEAP:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch",
          "4AS-JBEAP:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src",
          "4AS-JBEAP:jgroups-1:2.4.6-1.ep1.el4.noarch",
          "4AS-JBEAP:jgroups-1:2.4.6-1.ep1.el4.src",
          "4AS-JBEAP:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch",
          "4AS-JBEAP:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.src",
          "4AS-JBEAP:rh-eap-docs-examples-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch",
          "4AS-JBEAP:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch",
          "4AS-JBEAP:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src",
          "4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
          "4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src",
          "4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
          "4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src",
          "4ES-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
          "4ES-JBEAP:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch",
          "4ES-JBEAP:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src",
          "4ES-JBEAP:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch",
          "4ES-JBEAP:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch",
          "4ES-JBEAP:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src",
          "4ES-JBEAP:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch",
          "4ES-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
          "4ES-JBEAP:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch",
          "4ES-JBEAP:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src",
          "4ES-JBEAP:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch",
          "4ES-JBEAP:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch",
          "4ES-JBEAP:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src",
          "4ES-JBEAP:jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch",
          "4ES-JBEAP:jakarta-slide-webdavclient-0:2.1-9.2.el4.src",
          "4ES-JBEAP:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch",
          "4ES-JBEAP:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src",
          "4ES-JBEAP:jboss-remoting-0:2.2.3-2.ep1.el4.noarch",
          "4ES-JBEAP:jboss-remoting-0:2.2.3-2.ep1.el4.src",
          "4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.19.el4.noarch",
          "4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.19.el4.src",
          "4ES-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.19.el4.noarch",
          "4ES-JBEAP:jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch",
          "4ES-JBEAP:jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.src",
          "4ES-JBEAP:jbossas-4.2.0.GA_CP07-bin-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch",
          "4ES-JBEAP:jbossas-client-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch",
          "4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch",
          "4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src",
          "4ES-JBEAP:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch",
          "4ES-JBEAP:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src",
          "4ES-JBEAP:jgroups-1:2.4.6-1.ep1.el4.noarch",
          "4ES-JBEAP:jgroups-1:2.4.6-1.ep1.el4.src",
          "4ES-JBEAP:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch",
          "4ES-JBEAP:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.src",
          "4ES-JBEAP:rh-eap-docs-examples-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch",
          "4ES-JBEAP:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch",
          "4ES-JBEAP:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-5515"
        },
        {
          "category": "external",
          "summary": "RHBZ#504753",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504753"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-5515",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-5515"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5515",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5515"
        }
      ],
      "release_date": "2009-06-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-07-06T11:42:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
            "4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src",
            "4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
            "4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src",
            "4AS-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
            "4AS-JBEAP:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch",
            "4AS-JBEAP:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src",
            "4AS-JBEAP:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch",
            "4AS-JBEAP:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch",
            "4AS-JBEAP:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src",
            "4AS-JBEAP:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch",
            "4AS-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
            "4AS-JBEAP:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch",
            "4AS-JBEAP:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src",
            "4AS-JBEAP:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch",
            "4AS-JBEAP:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch",
            "4AS-JBEAP:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src",
            "4AS-JBEAP:jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch",
            "4AS-JBEAP:jakarta-slide-webdavclient-0:2.1-9.2.el4.src",
            "4AS-JBEAP:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch",
            "4AS-JBEAP:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src",
            "4AS-JBEAP:jboss-remoting-0:2.2.3-2.ep1.el4.noarch",
            "4AS-JBEAP:jboss-remoting-0:2.2.3-2.ep1.el4.src",
            "4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.19.el4.noarch",
            "4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.19.el4.src",
            "4AS-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.19.el4.noarch",
            "4AS-JBEAP:jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch",
            "4AS-JBEAP:jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.src",
            "4AS-JBEAP:jbossas-4.2.0.GA_CP07-bin-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch",
            "4AS-JBEAP:jbossas-client-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch",
            "4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch",
            "4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src",
            "4AS-JBEAP:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch",
            "4AS-JBEAP:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src",
            "4AS-JBEAP:jgroups-1:2.4.6-1.ep1.el4.noarch",
            "4AS-JBEAP:jgroups-1:2.4.6-1.ep1.el4.src",
            "4AS-JBEAP:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch",
            "4AS-JBEAP:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.src",
            "4AS-JBEAP:rh-eap-docs-examples-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch",
            "4AS-JBEAP:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch",
            "4AS-JBEAP:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src",
            "4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
            "4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src",
            "4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
            "4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src",
            "4ES-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
            "4ES-JBEAP:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch",
            "4ES-JBEAP:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src",
            "4ES-JBEAP:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch",
            "4ES-JBEAP:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch",
            "4ES-JBEAP:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src",
            "4ES-JBEAP:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch",
            "4ES-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
            "4ES-JBEAP:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch",
            "4ES-JBEAP:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src",
            "4ES-JBEAP:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch",
            "4ES-JBEAP:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch",
            "4ES-JBEAP:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src",
            "4ES-JBEAP:jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch",
            "4ES-JBEAP:jakarta-slide-webdavclient-0:2.1-9.2.el4.src",
            "4ES-JBEAP:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch",
            "4ES-JBEAP:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src",
            "4ES-JBEAP:jboss-remoting-0:2.2.3-2.ep1.el4.noarch",
            "4ES-JBEAP:jboss-remoting-0:2.2.3-2.ep1.el4.src",
            "4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.19.el4.noarch",
            "4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.19.el4.src",
            "4ES-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.19.el4.noarch",
            "4ES-JBEAP:jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch",
            "4ES-JBEAP:jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.src",
            "4ES-JBEAP:jbossas-4.2.0.GA_CP07-bin-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch",
            "4ES-JBEAP:jbossas-client-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch",
            "4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch",
            "4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src",
            "4ES-JBEAP:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch",
            "4ES-JBEAP:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src",
            "4ES-JBEAP:jgroups-1:2.4.6-1.ep1.el4.noarch",
            "4ES-JBEAP:jgroups-1:2.4.6-1.ep1.el4.src",
            "4ES-JBEAP:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch",
            "4ES-JBEAP:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.src",
            "4ES-JBEAP:rh-eap-docs-examples-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch",
            "4ES-JBEAP:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch",
            "4ES-JBEAP:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1144"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "tomcat request dispatcher information disclosure vulnerability"
    },
    {
      "cve": "CVE-2009-0580",
      "discovery_date": "2009-06-03T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "503978"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat6 Information disclosure in authentication classes",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
          "4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src",
          "4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
          "4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src",
          "4AS-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
          "4AS-JBEAP:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch",
          "4AS-JBEAP:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src",
          "4AS-JBEAP:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch",
          "4AS-JBEAP:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch",
          "4AS-JBEAP:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src",
          "4AS-JBEAP:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch",
          "4AS-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
          "4AS-JBEAP:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch",
          "4AS-JBEAP:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src",
          "4AS-JBEAP:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch",
          "4AS-JBEAP:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch",
          "4AS-JBEAP:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src",
          "4AS-JBEAP:jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch",
          "4AS-JBEAP:jakarta-slide-webdavclient-0:2.1-9.2.el4.src",
          "4AS-JBEAP:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch",
          "4AS-JBEAP:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src",
          "4AS-JBEAP:jboss-remoting-0:2.2.3-2.ep1.el4.noarch",
          "4AS-JBEAP:jboss-remoting-0:2.2.3-2.ep1.el4.src",
          "4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.19.el4.noarch",
          "4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.19.el4.src",
          "4AS-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.19.el4.noarch",
          "4AS-JBEAP:jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch",
          "4AS-JBEAP:jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.src",
          "4AS-JBEAP:jbossas-4.2.0.GA_CP07-bin-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch",
          "4AS-JBEAP:jbossas-client-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch",
          "4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch",
          "4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src",
          "4AS-JBEAP:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch",
          "4AS-JBEAP:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src",
          "4AS-JBEAP:jgroups-1:2.4.6-1.ep1.el4.noarch",
          "4AS-JBEAP:jgroups-1:2.4.6-1.ep1.el4.src",
          "4AS-JBEAP:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch",
          "4AS-JBEAP:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.src",
          "4AS-JBEAP:rh-eap-docs-examples-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch",
          "4AS-JBEAP:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch",
          "4AS-JBEAP:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src",
          "4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
          "4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src",
          "4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
          "4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src",
          "4ES-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
          "4ES-JBEAP:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch",
          "4ES-JBEAP:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src",
          "4ES-JBEAP:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch",
          "4ES-JBEAP:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch",
          "4ES-JBEAP:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src",
          "4ES-JBEAP:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch",
          "4ES-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
          "4ES-JBEAP:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch",
          "4ES-JBEAP:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src",
          "4ES-JBEAP:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch",
          "4ES-JBEAP:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch",
          "4ES-JBEAP:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src",
          "4ES-JBEAP:jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch",
          "4ES-JBEAP:jakarta-slide-webdavclient-0:2.1-9.2.el4.src",
          "4ES-JBEAP:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch",
          "4ES-JBEAP:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src",
          "4ES-JBEAP:jboss-remoting-0:2.2.3-2.ep1.el4.noarch",
          "4ES-JBEAP:jboss-remoting-0:2.2.3-2.ep1.el4.src",
          "4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.19.el4.noarch",
          "4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.19.el4.src",
          "4ES-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.19.el4.noarch",
          "4ES-JBEAP:jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch",
          "4ES-JBEAP:jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.src",
          "4ES-JBEAP:jbossas-4.2.0.GA_CP07-bin-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch",
          "4ES-JBEAP:jbossas-client-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch",
          "4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch",
          "4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src",
          "4ES-JBEAP:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch",
          "4ES-JBEAP:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src",
          "4ES-JBEAP:jgroups-1:2.4.6-1.ep1.el4.noarch",
          "4ES-JBEAP:jgroups-1:2.4.6-1.ep1.el4.src",
          "4ES-JBEAP:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch",
          "4ES-JBEAP:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.src",
          "4ES-JBEAP:rh-eap-docs-examples-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch",
          "4ES-JBEAP:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch",
          "4ES-JBEAP:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-0580"
        },
        {
          "category": "external",
          "summary": "RHBZ#503978",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503978"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0580",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-0580"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0580",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0580"
        }
      ],
      "release_date": "2009-06-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-07-06T11:42:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
            "4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src",
            "4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
            "4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src",
            "4AS-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
            "4AS-JBEAP:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch",
            "4AS-JBEAP:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src",
            "4AS-JBEAP:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch",
            "4AS-JBEAP:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch",
            "4AS-JBEAP:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src",
            "4AS-JBEAP:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch",
            "4AS-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
            "4AS-JBEAP:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch",
            "4AS-JBEAP:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src",
            "4AS-JBEAP:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch",
            "4AS-JBEAP:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch",
            "4AS-JBEAP:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src",
            "4AS-JBEAP:jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch",
            "4AS-JBEAP:jakarta-slide-webdavclient-0:2.1-9.2.el4.src",
            "4AS-JBEAP:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch",
            "4AS-JBEAP:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src",
            "4AS-JBEAP:jboss-remoting-0:2.2.3-2.ep1.el4.noarch",
            "4AS-JBEAP:jboss-remoting-0:2.2.3-2.ep1.el4.src",
            "4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.19.el4.noarch",
            "4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.19.el4.src",
            "4AS-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.19.el4.noarch",
            "4AS-JBEAP:jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch",
            "4AS-JBEAP:jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.src",
            "4AS-JBEAP:jbossas-4.2.0.GA_CP07-bin-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch",
            "4AS-JBEAP:jbossas-client-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch",
            "4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch",
            "4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src",
            "4AS-JBEAP:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch",
            "4AS-JBEAP:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src",
            "4AS-JBEAP:jgroups-1:2.4.6-1.ep1.el4.noarch",
            "4AS-JBEAP:jgroups-1:2.4.6-1.ep1.el4.src",
            "4AS-JBEAP:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch",
            "4AS-JBEAP:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.src",
            "4AS-JBEAP:rh-eap-docs-examples-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch",
            "4AS-JBEAP:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch",
            "4AS-JBEAP:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src",
            "4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
            "4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src",
            "4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
            "4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src",
            "4ES-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
            "4ES-JBEAP:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch",
            "4ES-JBEAP:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src",
            "4ES-JBEAP:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch",
            "4ES-JBEAP:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch",
            "4ES-JBEAP:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src",
            "4ES-JBEAP:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch",
            "4ES-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
            "4ES-JBEAP:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch",
            "4ES-JBEAP:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src",
            "4ES-JBEAP:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch",
            "4ES-JBEAP:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch",
            "4ES-JBEAP:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src",
            "4ES-JBEAP:jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch",
            "4ES-JBEAP:jakarta-slide-webdavclient-0:2.1-9.2.el4.src",
            "4ES-JBEAP:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch",
            "4ES-JBEAP:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src",
            "4ES-JBEAP:jboss-remoting-0:2.2.3-2.ep1.el4.noarch",
            "4ES-JBEAP:jboss-remoting-0:2.2.3-2.ep1.el4.src",
            "4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.19.el4.noarch",
            "4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.19.el4.src",
            "4ES-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.19.el4.noarch",
            "4ES-JBEAP:jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch",
            "4ES-JBEAP:jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.src",
            "4ES-JBEAP:jbossas-4.2.0.GA_CP07-bin-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch",
            "4ES-JBEAP:jbossas-client-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch",
            "4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch",
            "4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src",
            "4ES-JBEAP:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch",
            "4ES-JBEAP:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src",
            "4ES-JBEAP:jgroups-1:2.4.6-1.ep1.el4.noarch",
            "4ES-JBEAP:jgroups-1:2.4.6-1.ep1.el4.src",
            "4ES-JBEAP:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch",
            "4ES-JBEAP:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.src",
            "4ES-JBEAP:rh-eap-docs-examples-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch",
            "4ES-JBEAP:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch",
            "4ES-JBEAP:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1144"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
            "4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src",
            "4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
            "4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src",
            "4AS-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
            "4AS-JBEAP:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch",
            "4AS-JBEAP:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src",
            "4AS-JBEAP:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch",
            "4AS-JBEAP:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch",
            "4AS-JBEAP:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src",
            "4AS-JBEAP:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch",
            "4AS-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
            "4AS-JBEAP:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch",
            "4AS-JBEAP:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src",
            "4AS-JBEAP:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch",
            "4AS-JBEAP:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch",
            "4AS-JBEAP:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src",
            "4AS-JBEAP:jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch",
            "4AS-JBEAP:jakarta-slide-webdavclient-0:2.1-9.2.el4.src",
            "4AS-JBEAP:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch",
            "4AS-JBEAP:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src",
            "4AS-JBEAP:jboss-remoting-0:2.2.3-2.ep1.el4.noarch",
            "4AS-JBEAP:jboss-remoting-0:2.2.3-2.ep1.el4.src",
            "4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.19.el4.noarch",
            "4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.19.el4.src",
            "4AS-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.19.el4.noarch",
            "4AS-JBEAP:jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch",
            "4AS-JBEAP:jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.src",
            "4AS-JBEAP:jbossas-4.2.0.GA_CP07-bin-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch",
            "4AS-JBEAP:jbossas-client-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch",
            "4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch",
            "4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src",
            "4AS-JBEAP:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch",
            "4AS-JBEAP:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src",
            "4AS-JBEAP:jgroups-1:2.4.6-1.ep1.el4.noarch",
            "4AS-JBEAP:jgroups-1:2.4.6-1.ep1.el4.src",
            "4AS-JBEAP:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch",
            "4AS-JBEAP:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.src",
            "4AS-JBEAP:rh-eap-docs-examples-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch",
            "4AS-JBEAP:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch",
            "4AS-JBEAP:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src",
            "4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
            "4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src",
            "4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
            "4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src",
            "4ES-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
            "4ES-JBEAP:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch",
            "4ES-JBEAP:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src",
            "4ES-JBEAP:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch",
            "4ES-JBEAP:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch",
            "4ES-JBEAP:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src",
            "4ES-JBEAP:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch",
            "4ES-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
            "4ES-JBEAP:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch",
            "4ES-JBEAP:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src",
            "4ES-JBEAP:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch",
            "4ES-JBEAP:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch",
            "4ES-JBEAP:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src",
            "4ES-JBEAP:jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch",
            "4ES-JBEAP:jakarta-slide-webdavclient-0:2.1-9.2.el4.src",
            "4ES-JBEAP:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch",
            "4ES-JBEAP:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src",
            "4ES-JBEAP:jboss-remoting-0:2.2.3-2.ep1.el4.noarch",
            "4ES-JBEAP:jboss-remoting-0:2.2.3-2.ep1.el4.src",
            "4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.19.el4.noarch",
            "4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.19.el4.src",
            "4ES-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.19.el4.noarch",
            "4ES-JBEAP:jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch",
            "4ES-JBEAP:jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.src",
            "4ES-JBEAP:jbossas-4.2.0.GA_CP07-bin-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch",
            "4ES-JBEAP:jbossas-client-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch",
            "4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch",
            "4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src",
            "4ES-JBEAP:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch",
            "4ES-JBEAP:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src",
            "4ES-JBEAP:jgroups-1:2.4.6-1.ep1.el4.noarch",
            "4ES-JBEAP:jgroups-1:2.4.6-1.ep1.el4.src",
            "4ES-JBEAP:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch",
            "4ES-JBEAP:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.src",
            "4ES-JBEAP:rh-eap-docs-examples-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch",
            "4ES-JBEAP:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch",
            "4ES-JBEAP:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat6 Information disclosure in authentication classes"
    },
    {
      "cve": "CVE-2009-0783",
      "discovery_date": "2009-06-04T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "504153"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat XML parser information disclosure",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
          "4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src",
          "4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
          "4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src",
          "4AS-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
          "4AS-JBEAP:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch",
          "4AS-JBEAP:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src",
          "4AS-JBEAP:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch",
          "4AS-JBEAP:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch",
          "4AS-JBEAP:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src",
          "4AS-JBEAP:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch",
          "4AS-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
          "4AS-JBEAP:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch",
          "4AS-JBEAP:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src",
          "4AS-JBEAP:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch",
          "4AS-JBEAP:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch",
          "4AS-JBEAP:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src",
          "4AS-JBEAP:jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch",
          "4AS-JBEAP:jakarta-slide-webdavclient-0:2.1-9.2.el4.src",
          "4AS-JBEAP:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch",
          "4AS-JBEAP:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src",
          "4AS-JBEAP:jboss-remoting-0:2.2.3-2.ep1.el4.noarch",
          "4AS-JBEAP:jboss-remoting-0:2.2.3-2.ep1.el4.src",
          "4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.19.el4.noarch",
          "4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.19.el4.src",
          "4AS-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.19.el4.noarch",
          "4AS-JBEAP:jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch",
          "4AS-JBEAP:jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.src",
          "4AS-JBEAP:jbossas-4.2.0.GA_CP07-bin-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch",
          "4AS-JBEAP:jbossas-client-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch",
          "4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch",
          "4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src",
          "4AS-JBEAP:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch",
          "4AS-JBEAP:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src",
          "4AS-JBEAP:jgroups-1:2.4.6-1.ep1.el4.noarch",
          "4AS-JBEAP:jgroups-1:2.4.6-1.ep1.el4.src",
          "4AS-JBEAP:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch",
          "4AS-JBEAP:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.src",
          "4AS-JBEAP:rh-eap-docs-examples-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch",
          "4AS-JBEAP:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch",
          "4AS-JBEAP:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src",
          "4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
          "4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src",
          "4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
          "4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src",
          "4ES-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
          "4ES-JBEAP:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch",
          "4ES-JBEAP:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src",
          "4ES-JBEAP:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch",
          "4ES-JBEAP:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch",
          "4ES-JBEAP:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src",
          "4ES-JBEAP:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch",
          "4ES-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
          "4ES-JBEAP:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch",
          "4ES-JBEAP:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src",
          "4ES-JBEAP:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch",
          "4ES-JBEAP:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch",
          "4ES-JBEAP:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src",
          "4ES-JBEAP:jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch",
          "4ES-JBEAP:jakarta-slide-webdavclient-0:2.1-9.2.el4.src",
          "4ES-JBEAP:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch",
          "4ES-JBEAP:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src",
          "4ES-JBEAP:jboss-remoting-0:2.2.3-2.ep1.el4.noarch",
          "4ES-JBEAP:jboss-remoting-0:2.2.3-2.ep1.el4.src",
          "4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.19.el4.noarch",
          "4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.19.el4.src",
          "4ES-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.19.el4.noarch",
          "4ES-JBEAP:jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch",
          "4ES-JBEAP:jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.src",
          "4ES-JBEAP:jbossas-4.2.0.GA_CP07-bin-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch",
          "4ES-JBEAP:jbossas-client-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch",
          "4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch",
          "4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src",
          "4ES-JBEAP:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch",
          "4ES-JBEAP:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src",
          "4ES-JBEAP:jgroups-1:2.4.6-1.ep1.el4.noarch",
          "4ES-JBEAP:jgroups-1:2.4.6-1.ep1.el4.src",
          "4ES-JBEAP:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch",
          "4ES-JBEAP:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.src",
          "4ES-JBEAP:rh-eap-docs-examples-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch",
          "4ES-JBEAP:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch",
          "4ES-JBEAP:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-0783"
        },
        {
          "category": "external",
          "summary": "RHBZ#504153",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504153"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0783",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-0783"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0783",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0783"
        }
      ],
      "release_date": "2009-06-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-07-06T11:42:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
            "4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src",
            "4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
            "4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src",
            "4AS-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
            "4AS-JBEAP:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch",
            "4AS-JBEAP:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src",
            "4AS-JBEAP:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch",
            "4AS-JBEAP:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch",
            "4AS-JBEAP:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src",
            "4AS-JBEAP:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch",
            "4AS-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
            "4AS-JBEAP:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch",
            "4AS-JBEAP:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src",
            "4AS-JBEAP:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch",
            "4AS-JBEAP:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch",
            "4AS-JBEAP:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src",
            "4AS-JBEAP:jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch",
            "4AS-JBEAP:jakarta-slide-webdavclient-0:2.1-9.2.el4.src",
            "4AS-JBEAP:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch",
            "4AS-JBEAP:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src",
            "4AS-JBEAP:jboss-remoting-0:2.2.3-2.ep1.el4.noarch",
            "4AS-JBEAP:jboss-remoting-0:2.2.3-2.ep1.el4.src",
            "4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.19.el4.noarch",
            "4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.19.el4.src",
            "4AS-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.19.el4.noarch",
            "4AS-JBEAP:jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch",
            "4AS-JBEAP:jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.src",
            "4AS-JBEAP:jbossas-4.2.0.GA_CP07-bin-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch",
            "4AS-JBEAP:jbossas-client-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch",
            "4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch",
            "4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src",
            "4AS-JBEAP:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch",
            "4AS-JBEAP:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src",
            "4AS-JBEAP:jgroups-1:2.4.6-1.ep1.el4.noarch",
            "4AS-JBEAP:jgroups-1:2.4.6-1.ep1.el4.src",
            "4AS-JBEAP:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch",
            "4AS-JBEAP:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.src",
            "4AS-JBEAP:rh-eap-docs-examples-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch",
            "4AS-JBEAP:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch",
            "4AS-JBEAP:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src",
            "4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
            "4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src",
            "4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
            "4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src",
            "4ES-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
            "4ES-JBEAP:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch",
            "4ES-JBEAP:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src",
            "4ES-JBEAP:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch",
            "4ES-JBEAP:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch",
            "4ES-JBEAP:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src",
            "4ES-JBEAP:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch",
            "4ES-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
            "4ES-JBEAP:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch",
            "4ES-JBEAP:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src",
            "4ES-JBEAP:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch",
            "4ES-JBEAP:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch",
            "4ES-JBEAP:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src",
            "4ES-JBEAP:jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch",
            "4ES-JBEAP:jakarta-slide-webdavclient-0:2.1-9.2.el4.src",
            "4ES-JBEAP:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch",
            "4ES-JBEAP:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src",
            "4ES-JBEAP:jboss-remoting-0:2.2.3-2.ep1.el4.noarch",
            "4ES-JBEAP:jboss-remoting-0:2.2.3-2.ep1.el4.src",
            "4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.19.el4.noarch",
            "4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.19.el4.src",
            "4ES-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.19.el4.noarch",
            "4ES-JBEAP:jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch",
            "4ES-JBEAP:jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.src",
            "4ES-JBEAP:jbossas-4.2.0.GA_CP07-bin-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch",
            "4ES-JBEAP:jbossas-client-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch",
            "4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch",
            "4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src",
            "4ES-JBEAP:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch",
            "4ES-JBEAP:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src",
            "4ES-JBEAP:jgroups-1:2.4.6-1.ep1.el4.noarch",
            "4ES-JBEAP:jgroups-1:2.4.6-1.ep1.el4.src",
            "4ES-JBEAP:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch",
            "4ES-JBEAP:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.src",
            "4ES-JBEAP:rh-eap-docs-examples-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch",
            "4ES-JBEAP:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch",
            "4ES-JBEAP:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1144"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 1.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:M/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
            "4AS-JBEAP:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src",
            "4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
            "4AS-JBEAP:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src",
            "4AS-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
            "4AS-JBEAP:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch",
            "4AS-JBEAP:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src",
            "4AS-JBEAP:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch",
            "4AS-JBEAP:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch",
            "4AS-JBEAP:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src",
            "4AS-JBEAP:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch",
            "4AS-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
            "4AS-JBEAP:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch",
            "4AS-JBEAP:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src",
            "4AS-JBEAP:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch",
            "4AS-JBEAP:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch",
            "4AS-JBEAP:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src",
            "4AS-JBEAP:jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch",
            "4AS-JBEAP:jakarta-slide-webdavclient-0:2.1-9.2.el4.src",
            "4AS-JBEAP:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch",
            "4AS-JBEAP:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src",
            "4AS-JBEAP:jboss-remoting-0:2.2.3-2.ep1.el4.noarch",
            "4AS-JBEAP:jboss-remoting-0:2.2.3-2.ep1.el4.src",
            "4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.19.el4.noarch",
            "4AS-JBEAP:jboss-seam-0:1.2.1-1.ep1.19.el4.src",
            "4AS-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.19.el4.noarch",
            "4AS-JBEAP:jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch",
            "4AS-JBEAP:jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.src",
            "4AS-JBEAP:jbossas-4.2.0.GA_CP07-bin-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch",
            "4AS-JBEAP:jbossas-client-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch",
            "4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch",
            "4AS-JBEAP:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src",
            "4AS-JBEAP:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch",
            "4AS-JBEAP:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src",
            "4AS-JBEAP:jgroups-1:2.4.6-1.ep1.el4.noarch",
            "4AS-JBEAP:jgroups-1:2.4.6-1.ep1.el4.src",
            "4AS-JBEAP:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch",
            "4AS-JBEAP:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.src",
            "4AS-JBEAP:rh-eap-docs-examples-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch",
            "4AS-JBEAP:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch",
            "4AS-JBEAP:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src",
            "4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
            "4ES-JBEAP:hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.src",
            "4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
            "4ES-JBEAP:hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4.src",
            "4ES-JBEAP:hibernate3-annotations-javadoc-0:3.3.1-1.10.GA_CP01.ep1.el4.noarch",
            "4ES-JBEAP:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.noarch",
            "4ES-JBEAP:hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4.src",
            "4ES-JBEAP:hibernate3-commons-annotations-javadoc-0:3.0.0-1jpp.ep1.5.el4.noarch",
            "4ES-JBEAP:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.noarch",
            "4ES-JBEAP:hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4.src",
            "4ES-JBEAP:hibernate3-entitymanager-javadoc-0:3.3.2-2.4.ep1.el4.noarch",
            "4ES-JBEAP:hibernate3-javadoc-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4.noarch",
            "4ES-JBEAP:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.noarch",
            "4ES-JBEAP:hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4.src",
            "4ES-JBEAP:hibernate3-validator-javadoc-0:3.0.0-1jpp.ep1.8.el4.noarch",
            "4ES-JBEAP:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.noarch",
            "4ES-JBEAP:hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4.src",
            "4ES-JBEAP:jakarta-slide-webdavclient-0:2.1-9.2.el4.noarch",
            "4ES-JBEAP:jakarta-slide-webdavclient-0:2.1-9.2.el4.src",
            "4ES-JBEAP:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.noarch",
            "4ES-JBEAP:jboss-cache-0:1.4.1-6.SP13.1.ep1.el4.src",
            "4ES-JBEAP:jboss-remoting-0:2.2.3-2.ep1.el4.noarch",
            "4ES-JBEAP:jboss-remoting-0:2.2.3-2.ep1.el4.src",
            "4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.19.el4.noarch",
            "4ES-JBEAP:jboss-seam-0:1.2.1-1.ep1.19.el4.src",
            "4ES-JBEAP:jboss-seam-docs-0:1.2.1-1.ep1.19.el4.noarch",
            "4ES-JBEAP:jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch",
            "4ES-JBEAP:jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4.src",
            "4ES-JBEAP:jbossas-4.2.0.GA_CP07-bin-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch",
            "4ES-JBEAP:jbossas-client-0:4.2.0-4.GA_CP07.5.ep1.el4.noarch",
            "4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.noarch",
            "4ES-JBEAP:jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4.src",
            "4ES-JBEAP:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.noarch",
            "4ES-JBEAP:jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4.src",
            "4ES-JBEAP:jgroups-1:2.4.6-1.ep1.el4.noarch",
            "4ES-JBEAP:jgroups-1:2.4.6-1.ep1.el4.src",
            "4ES-JBEAP:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch",
            "4ES-JBEAP:rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4.src",
            "4ES-JBEAP:rh-eap-docs-examples-0:4.2.0-5.GA_CP07.ep1.1.el4.noarch",
            "4ES-JBEAP:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.noarch",
            "4ES-JBEAP:xerces-j2-0:2.7.1-9jpp.ep1.2.el4.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat XML parser information disclosure"
    }
  ]
}

RHSA-2009:1164

Vulnerability from csaf_redhat - Published: 2009-07-21 20:50 - Updated: 2025-11-21 17:34

Summary

Red Hat Security Advisory: tomcat security update

Notes

Topic

Updated tomcat packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team.

Details

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. It was discovered that the Red Hat Security Advisory RHSA-2007:0871 did not address all possible flaws in the way Tomcat handles certain characters and character sequences in cookie values. A remote attacker could use this flaw to obtain sensitive information, such as session IDs, and then use this information for session hijacking attacks. (CVE-2007-5333) Note: The fix for the CVE-2007-5333 flaw changes the default cookie processing behavior: with this update, version 0 cookies that contain values that must be quoted to be valid are automatically changed to version 1 cookies. To reactivate the previous, but insecure behavior, add the following entry to the "/etc/tomcat5/catalina.properties" file: org.apache.tomcat.util.http.ServerCookie.VERSION_SWITCH=false It was discovered that request dispatchers did not properly normalize user requests that have trailing query strings, allowing remote attackers to send specially-crafted requests that would cause an information leak. (CVE-2008-5515) A flaw was found in the way the Tomcat AJP (Apache JServ Protocol) connector processes AJP connections. An attacker could use this flaw to send specially-crafted requests that would cause a temporary denial of service. (CVE-2009-0033) It was discovered that the error checking methods of certain authentication classes did not have sufficient error checking, allowing remote attackers to enumerate (via brute force methods) usernames registered with applications running on Tomcat when FORM-based authentication was used. (CVE-2009-0580) A cross-site scripting (XSS) flaw was found in the examples calendar application. With some web browsers, remote attackers could use this flaw to inject arbitrary web script or HTML via the "time" parameter. (CVE-2009-0781) It was discovered that web applications containing their own XML parsers could replace the XML parser Tomcat uses to parse configuration files. A malicious web application running on a Tomcat instance could read or, potentially, modify the configuration and XML-based data of other web applications deployed on the same Tomcat instance. (CVE-2009-0783) Users of Tomcat should upgrade to these updated packages, which contain backported patches to resolve these issues. Tomcat must be restarted for this update to take effect.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated tomcat packages that fix several security issues are now available\nfor Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nIt was discovered that the Red Hat Security Advisory RHSA-2007:0871 did not\naddress all possible flaws in the way Tomcat handles certain characters and\ncharacter sequences in cookie values. A remote attacker could use this flaw\nto obtain sensitive information, such as session IDs, and then use this\ninformation for session hijacking attacks. (CVE-2007-5333)\n\nNote: The fix for the CVE-2007-5333 flaw changes the default cookie\nprocessing behavior: with this update, version 0 cookies that contain\nvalues that must be quoted to be valid are automatically changed to version\n1 cookies. To reactivate the previous, but insecure behavior, add the\nfollowing entry to the \"/etc/tomcat5/catalina.properties\" file:\n\norg.apache.tomcat.util.http.ServerCookie.VERSION_SWITCH=false\n\nIt was discovered that request dispatchers did not properly normalize user\nrequests that have trailing query strings, allowing remote attackers to\nsend specially-crafted requests that would cause an information leak.\n(CVE-2008-5515)\n\nA flaw was found in the way the Tomcat AJP (Apache JServ Protocol)\nconnector processes AJP connections. An attacker could use this flaw to\nsend specially-crafted requests that would cause a temporary denial of\nservice. (CVE-2009-0033)\n\nIt was discovered that the error checking methods of certain authentication\nclasses did not have sufficient error checking, allowing remote attackers\nto enumerate (via brute force methods) usernames registered with\napplications running on Tomcat when FORM-based authentication was used.\n(CVE-2009-0580)\n\nA cross-site scripting (XSS) flaw was found in the examples calendar\napplication. With some web browsers, remote attackers could use this flaw\nto inject arbitrary web script or HTML via the \"time\" parameter.\n(CVE-2009-0781)\n\nIt was discovered that web applications containing their own XML parsers\ncould replace the XML parser Tomcat uses to parse configuration files. A\nmalicious web application running on a Tomcat instance could read or,\npotentially, modify the configuration and XML-based data of other web\napplications deployed on the same Tomcat instance. (CVE-2009-0783)\n\nUsers of Tomcat should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. Tomcat must be restarted for\nthis update to take effect.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2009:1164",
        "url": "https://access.redhat.com/errata/RHSA-2009:1164"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "http://tomcat.apache.org/security-5.html",
        "url": "http://tomcat.apache.org/security-5.html"
      },
      {
        "category": "external",
        "summary": "427766",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427766"
      },
      {
        "category": "external",
        "summary": "489028",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=489028"
      },
      {
        "category": "external",
        "summary": "493381",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=493381"
      },
      {
        "category": "external",
        "summary": "503978",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503978"
      },
      {
        "category": "external",
        "summary": "504153",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504153"
      },
      {
        "category": "external",
        "summary": "504753",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504753"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_1164.json"
      }
    ],
    "title": "Red Hat Security Advisory: tomcat security update",
    "tracking": {
      "current_release_date": "2025-11-21T17:34:54+00:00",
      "generator": {
        "date": "2025-11-21T17:34:54+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2009:1164",
      "initial_release_date": "2009-07-21T20:50:00+00:00",
      "revision_history": [
        {
          "date": "2009-07-21T20:50:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2009-07-21T16:56:29+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T17:34:54+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
                  "product_id": "5Client",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:5::client"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
                  "product_id": "5Client-Workstation",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:5::client_workstation"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux (v. 5 server)",
                "product": {
                  "name": "Red Hat Enterprise Linux (v. 5 server)",
                  "product_id": "5Server",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:5::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
                "product": {
                  "name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
                  "product_id": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-webapps@5.5.23-0jpp.7.el5_3.2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
                "product": {
                  "name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
                  "product_id": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp.7.el5_3.2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
                "product": {
                  "name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
                  "product_id": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp.7.el5_3.2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64",
                "product": {
                  "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64",
                  "product_id": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-debuginfo@5.5.23-0jpp.7.el5_3.2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
                "product": {
                  "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
                  "product_id": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-jasper-javadoc@5.5.23-0jpp.7.el5_3.2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
                "product": {
                  "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
                  "product_id": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api-javadoc@5.5.23-0jpp.7.el5_3.2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64",
                "product": {
                  "name": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64",
                  "product_id": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp.7.el5_3.2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
                "product": {
                  "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
                  "product_id": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-admin-webapps@5.5.23-0jpp.7.el5_3.2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
                "product": {
                  "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
                  "product_id": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api-javadoc@5.5.23-0jpp.7.el5_3.2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64",
                "product": {
                  "name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64",
                  "product_id": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp.7.el5_3.2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
                "product": {
                  "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
                  "product_id": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp.7.el5_3.2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
                "product": {
                  "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
                  "product_id": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp.7.el5_3.2?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
                "product": {
                  "name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
                  "product_id": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-webapps@5.5.23-0jpp.7.el5_3.2?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
                "product": {
                  "name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
                  "product_id": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp.7.el5_3.2?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
                "product": {
                  "name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
                  "product_id": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp.7.el5_3.2?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386",
                "product": {
                  "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386",
                  "product_id": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-debuginfo@5.5.23-0jpp.7.el5_3.2?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
                "product": {
                  "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
                  "product_id": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-jasper-javadoc@5.5.23-0jpp.7.el5_3.2?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
                "product": {
                  "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
                  "product_id": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api-javadoc@5.5.23-0jpp.7.el5_3.2?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386",
                "product": {
                  "name": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386",
                  "product_id": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp.7.el5_3.2?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
                "product": {
                  "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
                  "product_id": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-admin-webapps@5.5.23-0jpp.7.el5_3.2?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
                "product": {
                  "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
                  "product_id": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api-javadoc@5.5.23-0jpp.7.el5_3.2?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386",
                "product": {
                  "name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386",
                  "product_id": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp.7.el5_3.2?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386",
                "product": {
                  "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386",
                  "product_id": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp.7.el5_3.2?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386",
                "product": {
                  "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386",
                  "product_id": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp.7.el5_3.2?arch=i386"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.src",
                "product": {
                  "name": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.src",
                  "product_id": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp.7.el5_3.2?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
                "product": {
                  "name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
                  "product_id": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-webapps@5.5.23-0jpp.7.el5_3.2?arch=ia64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
                "product": {
                  "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
                  "product_id": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp.7.el5_3.2?arch=ia64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
                "product": {
                  "name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
                  "product_id": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp.7.el5_3.2?arch=ia64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
                "product": {
                  "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
                  "product_id": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp.7.el5_3.2?arch=ia64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
                "product": {
                  "name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
                  "product_id": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp.7.el5_3.2?arch=ia64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64",
                "product": {
                  "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64",
                  "product_id": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-debuginfo@5.5.23-0jpp.7.el5_3.2?arch=ia64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
                "product": {
                  "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
                  "product_id": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-jasper-javadoc@5.5.23-0jpp.7.el5_3.2?arch=ia64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
                "product": {
                  "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
                  "product_id": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api-javadoc@5.5.23-0jpp.7.el5_3.2?arch=ia64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64",
                "product": {
                  "name": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64",
                  "product_id": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp.7.el5_3.2?arch=ia64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
                "product": {
                  "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
                  "product_id": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-admin-webapps@5.5.23-0jpp.7.el5_3.2?arch=ia64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
                "product": {
                  "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
                  "product_id": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api-javadoc@5.5.23-0jpp.7.el5_3.2?arch=ia64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64",
                "product": {
                  "name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64",
                  "product_id": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp.7.el5_3.2?arch=ia64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ia64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
                "product": {
                  "name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
                  "product_id": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-webapps@5.5.23-0jpp.7.el5_3.2?arch=ppc"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
                "product": {
                  "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
                  "product_id": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp.7.el5_3.2?arch=ppc"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
                "product": {
                  "name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
                  "product_id": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp.7.el5_3.2?arch=ppc"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
                "product": {
                  "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
                  "product_id": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp.7.el5_3.2?arch=ppc"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
                "product": {
                  "name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
                  "product_id": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp.7.el5_3.2?arch=ppc"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc",
                "product": {
                  "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc",
                  "product_id": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-debuginfo@5.5.23-0jpp.7.el5_3.2?arch=ppc"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
                "product": {
                  "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
                  "product_id": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-jasper-javadoc@5.5.23-0jpp.7.el5_3.2?arch=ppc"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
                "product": {
                  "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
                  "product_id": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api-javadoc@5.5.23-0jpp.7.el5_3.2?arch=ppc"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc",
                "product": {
                  "name": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc",
                  "product_id": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp.7.el5_3.2?arch=ppc"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
                "product": {
                  "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
                  "product_id": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-admin-webapps@5.5.23-0jpp.7.el5_3.2?arch=ppc"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
                "product": {
                  "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
                  "product_id": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api-javadoc@5.5.23-0jpp.7.el5_3.2?arch=ppc"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc",
                "product": {
                  "name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc",
                  "product_id": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp.7.el5_3.2?arch=ppc"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64",
                "product": {
                  "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64",
                  "product_id": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-debuginfo@5.5.23-0jpp.7.el5_3.2?arch=ppc64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64",
                "product": {
                  "name": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64",
                  "product_id": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp.7.el5_3.2?arch=ppc64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
                "product": {
                  "name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
                  "product_id": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-webapps@5.5.23-0jpp.7.el5_3.2?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
                "product": {
                  "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
                  "product_id": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp.7.el5_3.2?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
                "product": {
                  "name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
                  "product_id": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp.7.el5_3.2?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
                "product": {
                  "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
                  "product_id": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp.7.el5_3.2?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
                "product": {
                  "name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
                  "product_id": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp.7.el5_3.2?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x",
                "product": {
                  "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x",
                  "product_id": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-debuginfo@5.5.23-0jpp.7.el5_3.2?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
                "product": {
                  "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
                  "product_id": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-jasper-javadoc@5.5.23-0jpp.7.el5_3.2?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
                "product": {
                  "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
                  "product_id": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api-javadoc@5.5.23-0jpp.7.el5_3.2?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x",
                "product": {
                  "name": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x",
                  "product_id": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp.7.el5_3.2?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
                "product": {
                  "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
                  "product_id": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-admin-webapps@5.5.23-0jpp.7.el5_3.2?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
                "product": {
                  "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
                  "product_id": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api-javadoc@5.5.23-0jpp.7.el5_3.2?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x",
                "product": {
                  "name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x",
                  "product_id": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp.7.el5_3.2?arch=s390x"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386"
        },
        "product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64"
        },
        "product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc"
        },
        "product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64"
        },
        "product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x"
        },
        "product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.src as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src"
        },
        "product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.src",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64"
        },
        "product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386"
        },
        "product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64"
        },
        "product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc"
        },
        "product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x"
        },
        "product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64"
        },
        "product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386"
        },
        "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64"
        },
        "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc"
        },
        "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x"
        },
        "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64"
        },
        "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386"
        },
        "product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64"
        },
        "product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc"
        },
        "product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64"
        },
        "product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x"
        },
        "product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64"
        },
        "product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386"
        },
        "product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64"
        },
        "product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc"
        },
        "product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x"
        },
        "product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64"
        },
        "product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386"
        },
        "product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64"
        },
        "product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc"
        },
        "product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x"
        },
        "product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64"
        },
        "product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386"
        },
        "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64"
        },
        "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc"
        },
        "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x"
        },
        "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64"
        },
        "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386"
        },
        "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64"
        },
        "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc"
        },
        "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x"
        },
        "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64"
        },
        "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386"
        },
        "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64"
        },
        "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc"
        },
        "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x"
        },
        "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64"
        },
        "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386"
        },
        "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64"
        },
        "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc"
        },
        "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x"
        },
        "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64"
        },
        "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386"
        },
        "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64"
        },
        "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc"
        },
        "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x"
        },
        "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64"
        },
        "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386"
        },
        "product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64"
        },
        "product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc"
        },
        "product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x"
        },
        "product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64"
        },
        "product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386"
        },
        "product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64"
        },
        "product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc"
        },
        "product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64"
        },
        "product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x"
        },
        "product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src"
        },
        "product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.src",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64"
        },
        "product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386"
        },
        "product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64"
        },
        "product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc"
        },
        "product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x"
        },
        "product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64"
        },
        "product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386"
        },
        "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64"
        },
        "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc"
        },
        "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x"
        },
        "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64"
        },
        "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386"
        },
        "product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64"
        },
        "product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc"
        },
        "product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64"
        },
        "product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x"
        },
        "product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64"
        },
        "product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386"
        },
        "product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64"
        },
        "product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc"
        },
        "product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x"
        },
        "product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64"
        },
        "product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386"
        },
        "product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64"
        },
        "product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc"
        },
        "product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x"
        },
        "product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64"
        },
        "product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386"
        },
        "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64"
        },
        "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc"
        },
        "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x"
        },
        "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64"
        },
        "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386"
        },
        "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64"
        },
        "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc"
        },
        "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x"
        },
        "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64"
        },
        "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386"
        },
        "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64"
        },
        "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc"
        },
        "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x"
        },
        "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64"
        },
        "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386"
        },
        "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64"
        },
        "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc"
        },
        "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x"
        },
        "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64"
        },
        "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386"
        },
        "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64"
        },
        "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc"
        },
        "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x"
        },
        "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64"
        },
        "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386"
        },
        "product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64"
        },
        "product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc"
        },
        "product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x"
        },
        "product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
          "product_id": "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64"
        },
        "product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
        "relates_to_product_reference": "5Client"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386"
        },
        "product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64"
        },
        "product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc"
        },
        "product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64"
        },
        "product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x"
        },
        "product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.src as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src"
        },
        "product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.src",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64"
        },
        "product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386"
        },
        "product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64"
        },
        "product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc"
        },
        "product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x"
        },
        "product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64"
        },
        "product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386"
        },
        "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64"
        },
        "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc"
        },
        "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x"
        },
        "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64"
        },
        "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386"
        },
        "product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64"
        },
        "product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc"
        },
        "product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64"
        },
        "product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x"
        },
        "product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64"
        },
        "product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386"
        },
        "product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64"
        },
        "product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc"
        },
        "product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x"
        },
        "product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64"
        },
        "product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386"
        },
        "product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64"
        },
        "product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc"
        },
        "product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x"
        },
        "product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64"
        },
        "product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386"
        },
        "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64"
        },
        "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc"
        },
        "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x"
        },
        "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64"
        },
        "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386"
        },
        "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64"
        },
        "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc"
        },
        "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x"
        },
        "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64"
        },
        "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386"
        },
        "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64"
        },
        "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc"
        },
        "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x"
        },
        "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64"
        },
        "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386"
        },
        "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64"
        },
        "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc"
        },
        "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x"
        },
        "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64"
        },
        "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386"
        },
        "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64"
        },
        "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc"
        },
        "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x"
        },
        "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64"
        },
        "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386"
        },
        "product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64"
        },
        "product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc"
        },
        "product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x"
        },
        "product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64"
        },
        "product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
        "relates_to_product_reference": "5Server"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2007-5333",
      "discovery_date": "2008-01-07T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "427766"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (\") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.  NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Improve cookie parsing for tomcat5",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-5333\n\nThe Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw.",
          "title": "Statement"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64",
          "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src",
          "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64",
          "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64",
          "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src",
          "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64",
          "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64",
          "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src",
          "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64",
          "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-5333"
        },
        {
          "category": "external",
          "summary": "RHBZ#427766",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427766"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-5333",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-5333"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5333",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5333"
        }
      ],
      "release_date": "2008-02-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-07-21T20:50:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64",
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src",
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64",
            "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64",
            "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src",
            "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64",
            "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64",
            "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src",
            "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64",
            "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1164"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "Improve cookie parsing for tomcat5"
    },
    {
      "cve": "CVE-2008-5515",
      "discovery_date": "2009-06-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "504753"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat request dispatcher information disclosure vulnerability",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64",
          "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src",
          "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64",
          "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64",
          "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src",
          "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64",
          "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64",
          "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src",
          "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64",
          "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-5515"
        },
        {
          "category": "external",
          "summary": "RHBZ#504753",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504753"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-5515",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-5515"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5515",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5515"
        }
      ],
      "release_date": "2009-06-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-07-21T20:50:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64",
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src",
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64",
            "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64",
            "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src",
            "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64",
            "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64",
            "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src",
            "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64",
            "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1164"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "tomcat request dispatcher information disclosure vulnerability"
    },
    {
      "cve": "CVE-2009-0033",
      "discovery_date": "2009-01-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "493381"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat6 Denial-Of-Service with AJP connection",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64",
          "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src",
          "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64",
          "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64",
          "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src",
          "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64",
          "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64",
          "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src",
          "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64",
          "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-0033"
        },
        {
          "category": "external",
          "summary": "RHBZ#493381",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=493381"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0033",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-0033"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0033",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0033"
        }
      ],
      "release_date": "2009-06-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-07-21T20:50:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64",
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src",
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64",
            "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64",
            "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src",
            "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64",
            "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64",
            "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src",
            "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64",
            "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1164"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64",
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src",
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64",
            "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64",
            "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src",
            "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64",
            "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64",
            "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src",
            "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64",
            "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "tomcat6 Denial-Of-Service with AJP connection"
    },
    {
      "cve": "CVE-2009-0580",
      "discovery_date": "2009-06-03T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "503978"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat6 Information disclosure in authentication classes",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64",
          "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src",
          "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64",
          "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64",
          "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src",
          "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64",
          "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64",
          "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src",
          "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64",
          "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-0580"
        },
        {
          "category": "external",
          "summary": "RHBZ#503978",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503978"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0580",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-0580"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0580",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0580"
        }
      ],
      "release_date": "2009-06-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-07-21T20:50:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64",
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src",
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64",
            "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64",
            "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src",
            "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64",
            "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64",
            "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src",
            "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64",
            "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1164"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64",
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src",
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64",
            "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64",
            "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src",
            "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64",
            "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64",
            "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src",
            "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64",
            "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat6 Information disclosure in authentication classes"
    },
    {
      "cve": "CVE-2009-0781",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2009-03-06T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "489028"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to \"invalid HTML.\"",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat: XSS in Apache Tomcat calendar application",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2009-0781\n\nThe Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: https://access.redhat.com/security/updates/classification/",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64",
          "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src",
          "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64",
          "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64",
          "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src",
          "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64",
          "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64",
          "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src",
          "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64",
          "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-0781"
        },
        {
          "category": "external",
          "summary": "RHBZ#489028",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=489028"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0781",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-0781"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0781",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0781"
        }
      ],
      "release_date": "2009-03-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-07-21T20:50:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64",
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src",
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64",
            "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64",
            "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src",
            "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64",
            "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64",
            "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src",
            "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64",
            "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1164"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "products": [
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64",
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src",
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64",
            "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64",
            "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src",
            "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64",
            "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64",
            "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src",
            "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64",
            "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat: XSS in Apache Tomcat calendar application"
    },
    {
      "cve": "CVE-2009-0783",
      "discovery_date": "2009-06-04T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "504153"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat XML parser information disclosure",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64",
          "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src",
          "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64",
          "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64",
          "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src",
          "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64",
          "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64",
          "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src",
          "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64",
          "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
          "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
          "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
          "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
          "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
          "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-0783"
        },
        {
          "category": "external",
          "summary": "RHBZ#504153",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504153"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0783",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-0783"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0783",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0783"
        }
      ],
      "release_date": "2009-06-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-07-21T20:50:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64",
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src",
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64",
            "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64",
            "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src",
            "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64",
            "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64",
            "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src",
            "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64",
            "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1164"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 1.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:M/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64",
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src",
            "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64",
            "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64",
            "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src",
            "5Client:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64",
            "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.ppc64",
            "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.src",
            "5Server:tomcat5-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.ppc64",
            "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_3.2.x86_64",
            "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.i386",
            "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ia64",
            "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.ppc",
            "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.s390x",
            "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_3.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat XML parser information disclosure"
    }
  ]
}

CERTA-2011-AVI-221

Vulnerability from certfr_avis - Published: 2011-04-14 - Updated: 2011-04-14

De multiples vulnérabilités ont été corrigées dans les produits BlackBerry Enterprise Server, avec des impacts variés.

Description

Les produits BlackBerry Enterprise Server contiennent une version vulnérable du serveur Web Apache. Les vulnérabilités peuvent être exploitées par un attaquant pour exécuter du code de manière indirecte, accéder à des données confidentielles et altérer le service.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	BlackBerry Enterprise Server versions 4.1.4 à 5.0.2 pour IBM Lotus Domino ;
Microsoft	N/A	BlackBerry Enterprise Server Express versions 5.0.1 et 5.0.2 MR1 pour Microsoft Exchange ;
Novell	N/A	BlackBerry Enterprise Server versions 4.1.4 à 5.0.1 pour Novell GroupWise.
N/A	N/A	BlackBerry Enterprise Server Express version 5.0.2 pour IBM Lotus Domino ;
Microsoft	N/A	BlackBerry Enterprise Server versions 4.1.4 à 5.0.2 MR1 pour Microsoft Exchange ;

References

Title

Publication Time

Tags

Bulletins de sécurité BlackBerry KB25966 du 12 avril 2011	None	vendor-advisory
Bulletin de sécurité BlackBerry KB25966 du 12 avril 2011 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "BlackBerry Enterprise Server versions 4.1.4 \u00e0 5.0.2 pour IBM Lotus Domino ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "BlackBerry Enterprise Server Express versions 5.0.1 et 5.0.2 MR1 pour Microsoft Exchange ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "BlackBerry Enterprise Server versions 4.1.4 \u00e0 5.0.1 pour Novell GroupWise.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Novell",
          "scada": false
        }
      }
    },
    {
      "description": "BlackBerry Enterprise Server Express version 5.0.2 pour IBM Lotus Domino ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "BlackBerry Enterprise Server versions 4.1.4 \u00e0 5.0.2 MR1 pour Microsoft Exchange ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nLes produits BlackBerry Enterprise Server contiennent une version\nvuln\u00e9rable du serveur Web Apache. Les vuln\u00e9rabilit\u00e9s peuvent \u00eatre\nexploit\u00e9es par un attaquant pour ex\u00e9cuter du code de mani\u00e8re indirecte,\nacc\u00e9der \u00e0 des donn\u00e9es confidentielles et alt\u00e9rer le service.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-1678",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1678"
    },
    {
      "name": "CVE-2007-1858",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1858"
    },
    {
      "name": "CVE-2009-3555",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3555"
    },
    {
      "name": "CVE-2010-2227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2227"
    },
    {
      "name": "CVE-2007-5333",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5333"
    },
    {
      "name": "CVE-2008-5515",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5515"
    },
    {
      "name": "CVE-2007-3385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3385"
    }
  ],
  "initial_release_date": "2011-04-14T00:00:00",
  "last_revision_date": "2011-04-14T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 BlackBerry KB25966 du 12 avril 2011 :",
      "url": "http://www.blackberry.com/btsc/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=KB25966"
    }
  ],
  "reference": "CERTA-2011-AVI-221",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-04-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits\nBlackBerry Enterprise Server, avec des impacts vari\u00e9s.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Blackberry Enterprise Server",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletins de s\u00e9curit\u00e9 BlackBerry KB25966 du 12 avril 2011",
      "url": null
    }
  ]
}

CERTA-2009-AVI-513

Vulnerability from certfr_avis - Published: 2009-11-24 - Updated: 2009-11-24

Plusieurs vulnérabilités découvertes dans les produits VMware peuvent être exploitées à distance par un utilisateur malintentionné afin de compromettre le système vulnérable ou encore d'entraver son bon fonctionnement.

Description

Les vulnérabilités présentes dans les produits VMware peuvent être exploitées afin de porter atteinte à l'intégrité et à la confidentialité des données, de réaliser un déni de service, d'injecter et d'exécuter indirectement du code arbitraire, d'élever ses privilèges ou d'exécuter du code arbitraire.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
VMware	N/A	VMware Server 2.x ;
VMware	ESXi	VMware ESXi 3.x ;
VMware	N/A	VMware vMA 4.x.
VMware	N/A	VMware ESX Server 4.x ;
VMware	N/A	VMware ESX Server 2.x ;
VMware	N/A	VMware ESX Server 3.x ;
VMware	ESXi	VMware ESXi 4.x ;
VMware	vCenter Server	VMware vCenter Server 4.x ;
VMware	N/A	VMware VirtualCenter 2.x ;

References

Title

Publication Time

Tags

Bulletin de sécurité VMware du 20 novembre 2009

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "VMware Server 2.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESXi 3.x ;",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware vMA 4.x.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESX Server 4.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESX Server 2.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESX Server 3.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESXi 4.x ;",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware vCenter Server 4.x ;",
      "product": {
        "name": "vCenter Server",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware VirtualCenter 2.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nLes vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans les produits VMware peuvent \u00eatre\nexploit\u00e9es afin de porter atteinte \u00e0 l\u0027int\u00e9grit\u00e9 et \u00e0 la confidentialit\u00e9\ndes donn\u00e9es, de r\u00e9aliser un d\u00e9ni de service, d\u0027injecter et d\u0027ex\u00e9cuter\nindirectement du code arbitraire, d\u0027\u00e9lever ses privil\u00e8ges ou d\u0027ex\u00e9cuter\ndu code arbitraire.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-2724",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2724"
    },
    {
      "name": "CVE-2009-0676",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0676"
    },
    {
      "name": "CVE-2009-2721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2721"
    },
    {
      "name": "CVE-2008-3143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3143"
    },
    {
      "name": "CVE-2009-2692",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2692"
    },
    {
      "name": "CVE-2009-2406",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2406"
    },
    {
      "name": "CVE-2009-1389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1389"
    },
    {
      "name": "CVE-2008-0002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0002"
    },
    {
      "name": "CVE-2009-1106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1106"
    },
    {
      "name": "CVE-2009-1072",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1072"
    },
    {
      "name": "CVE-2008-4307",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4307"
    },
    {
      "name": "CVE-2009-1104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1104"
    },
    {
      "name": "CVE-2009-2407",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2407"
    },
    {
      "name": "CVE-2008-3142",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3142"
    },
    {
      "name": "CVE-2009-1101",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1101"
    },
    {
      "name": "CVE-2009-2416",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2416"
    },
    {
      "name": "CVE-2009-1385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1385"
    },
    {
      "name": "CVE-2009-0746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0746"
    },
    {
      "name": "CVE-2009-2673",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2673"
    },
    {
      "name": "CVE-2007-5966",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5966"
    },
    {
      "name": "CVE-2009-2719",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2719"
    },
    {
      "name": "CVE-2008-4864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4864"
    },
    {
      "name": "CVE-2009-2417",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2417"
    },
    {
      "name": "CVE-2009-1439",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1439"
    },
    {
      "name": "CVE-2009-0322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0322"
    },
    {
      "name": "CVE-2009-1895",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1895"
    },
    {
      "name": "CVE-2009-1094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1094"
    },
    {
      "name": "CVE-2009-0748",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0748"
    },
    {
      "name": "CVE-2008-3144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3144"
    },
    {
      "name": "CVE-2009-0747",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0747"
    },
    {
      "name": "CVE-2009-0580",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0580"
    },
    {
      "name": "CVE-2009-1095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1095"
    },
    {
      "name": "CVE-2009-2672",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2672"
    },
    {
      "name": "CVE-2009-0675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0675"
    },
    {
      "name": "CVE-2007-5461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5461"
    },
    {
      "name": "CVE-2009-2670",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2670"
    },
    {
      "name": "CVE-2009-1102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1102"
    },
    {
      "name": "CVE-2009-1630",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1630"
    },
    {
      "name": "CVE-2009-0269",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0269"
    },
    {
      "name": "CVE-2008-3528",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3528"
    },
    {
      "name": "CVE-2008-5031",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5031"
    },
    {
      "name": "CVE-2008-1721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1721"
    },
    {
      "name": "CVE-2009-1388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1388"
    },
    {
      "name": "CVE-2009-1192",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1192"
    },
    {
      "name": "CVE-2009-2720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2720"
    },
    {
      "name": "CVE-2009-0834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0834"
    },
    {
      "name": "CVE-2009-2671",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2671"
    },
    {
      "name": "CVE-2009-2848",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2848"
    },
    {
      "name": "CVE-2009-2675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2675"
    },
    {
      "name": "CVE-2008-1232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1232"
    },
    {
      "name": "CVE-2009-0159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0159"
    },
    {
      "name": "CVE-2009-0778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0778"
    },
    {
      "name": "CVE-2009-2625",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2625"
    },
    {
      "name": "CVE-2009-1099",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1099"
    },
    {
      "name": "CVE-2009-1252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1252"
    },
    {
      "name": "CVE-2009-2698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2698"
    },
    {
      "name": "CVE-2008-2370",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2370"
    },
    {
      "name": "CVE-2009-0033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0033"
    },
    {
      "name": "CVE-2009-2723",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2723"
    },
    {
      "name": "CVE-2009-1107",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1107"
    },
    {
      "name": "CVE-2009-2716",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2716"
    },
    {
      "name": "CVE-2007-5333",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5333"
    },
    {
      "name": "CVE-2008-1947",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1947"
    },
    {
      "name": "CVE-2009-1105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1105"
    },
    {
      "name": "CVE-2007-6286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6286"
    },
    {
      "name": "CVE-2009-0028",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0028"
    },
    {
      "name": "CVE-2009-1337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1337"
    },
    {
      "name": "CVE-2009-0781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0781"
    },
    {
      "name": "CVE-2009-2414",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2414"
    },
    {
      "name": "CVE-2007-2052",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2052"
    },
    {
      "name": "CVE-2009-1336",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1336"
    },
    {
      "name": "CVE-2009-0783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0783"
    },
    {
      "name": "CVE-2008-5515",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5515"
    },
    {
      "name": "CVE-2007-4965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4965"
    },
    {
      "name": "CVE-2009-1633",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1633"
    },
    {
      "name": "CVE-2009-2722",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2722"
    },
    {
      "name": "CVE-2008-5700",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5700"
    },
    {
      "name": "CVE-2009-1103",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1103"
    },
    {
      "name": "CVE-2009-1100",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1100"
    },
    {
      "name": "CVE-2009-2676",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2676"
    },
    {
      "name": "CVE-2007-5342",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5342"
    },
    {
      "name": "CVE-2009-1096",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1096"
    },
    {
      "name": "CVE-2009-1098",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1098"
    },
    {
      "name": "CVE-2009-0787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0787"
    },
    {
      "name": "CVE-2008-1887",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1887"
    },
    {
      "name": "CVE-2009-1097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1097"
    },
    {
      "name": "CVE-2009-2847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2847"
    },
    {
      "name": "CVE-2008-2315",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2315"
    },
    {
      "name": "CVE-2009-0696",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0696"
    },
    {
      "name": "CVE-2009-2718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2718"
    },
    {
      "name": "CVE-2009-0745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0745"
    },
    {
      "name": "CVE-2009-1093",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1093"
    }
  ],
  "initial_release_date": "2009-11-24T00:00:00",
  "last_revision_date": "2009-11-24T00:00:00",
  "links": [],
  "reference": "CERTA-2009-AVI-513",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-11-24T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s d\u00e9couvertes dans les produits VMware peuvent\n\u00eatre exploit\u00e9es \u00e0 distance par un utilisateur malintentionn\u00e9 afin de\ncompromettre le syst\u00e8me vuln\u00e9rable ou encore d\u0027entraver son bon\nfonctionnement.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware du 20 novembre 2009",
      "url": "http://lists.vmware.com/pipermail/security-announce/2009/000070.html"
    }
  ]
}

CERTA-2010-AVI-220

Vulnerability from certfr_avis - Published: 2010-05-20 - Updated: 2010-05-20

Plusieurs vulnérabilités découvertes dans HP Performance Manager permettent à un utilisateur distant malintentionné de provoquer un déni de service, de contourner la politique de sécurité, de porter atteinte à la confidentialité et à l'intégrité des données, d'élever ses privilèges ou encore de réaliser une attaque par injection de code indirecte.

Description

De nombreuses vulnérabilités ont été corrigées dans HP Performance Manager. Elles peuvent être exploitées par une personne malveillante afin de :

de provoquer un déni de service (CVE-2009-0033) ;
de contourner la politique de sécurité (CVE-2008-5515, CVE-2009-2901) ;
de porter atteinte à l'intégrité des données (CVE-2009-0783, CVE-2009-2693, CVE-2009-2902) ;
de porter atteinte à la confidentialité des données (CVE-2009-0580, CVE-2009-0783) ;
d'élever ses privilèges (CVE-2009-3548) ;
de réaliser une attaque par injection de code indirecte (CVE-2009-0781) ;

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	HP Performance Manager v8.10.
N/A	N/A	HP Performance Manager v8.20 ;
N/A	N/A	HP Performance Manager v8.21 ;

References

Title

Publication Time

Tags

Bulletin de scurit HP #c02181353 du 17 mai 2010	None	vendor-advisory
Bulletin de sécurité HP #c02181353 du 17 mai 2010 :	-	other
Bulletin de sécurité HP #c02181353 du 17 mai 2010 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "HP Performance Manager v8.10.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "HP Performance Manager v8.20 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "HP Performance Manager v8.21 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe nombreuses vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans HP Performance\nManager. Elles peuvent \u00eatre exploit\u00e9es par une personne malveillante\nafin de :\n\n-   de provoquer un d\u00e9ni de service (CVE-2009-0033) ;\n-   de contourner la politique de s\u00e9curit\u00e9 (CVE-2008-5515,\n    CVE-2009-2901) ;\n-   de porter atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es (CVE-2009-0783,\n    CVE-2009-2693, CVE-2009-2902) ;\n-   de porter atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es (CVE-2009-0580,\n    CVE-2009-0783) ;\n-   d\u0027\u00e9lever ses privil\u00e8ges (CVE-2009-3548) ;\n-   de r\u00e9aliser une attaque par injection de code indirecte\n    (CVE-2009-0781) ;\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-2901",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2901"
    },
    {
      "name": "CVE-2009-2693",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2693"
    },
    {
      "name": "CVE-2009-2902",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2902"
    },
    {
      "name": "CVE-2009-0580",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0580"
    },
    {
      "name": "CVE-2009-3548",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3548"
    },
    {
      "name": "CVE-2009-0033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0033"
    },
    {
      "name": "CVE-2009-0781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0781"
    },
    {
      "name": "CVE-2009-0783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0783"
    },
    {
      "name": "CVE-2008-5515",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5515"
    }
  ],
  "initial_release_date": "2010-05-20T00:00:00",
  "last_revision_date": "2010-05-20T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 HP #c02181353 du 17 mai 2010 :",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02181353"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 HP #c02181353 du 17 mai 2010 :",
      "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02181353"
    }
  ],
  "reference": "CERTA-2010-AVI-220",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-05-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s d\u00e9couvertes dans HP Performance Manager\npermettent \u00e0 un utilisateur distant malintentionn\u00e9 de provoquer un d\u00e9ni\nde service, de contourner la politique de s\u00e9curit\u00e9, de porter atteinte \u00e0\nla confidentialit\u00e9 et \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es, d\u0027\u00e9lever ses privil\u00e8ges\nou encore de r\u00e9aliser une attaque par injection de code indirecte.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans HP Performance Manager",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de scurit HP #c02181353 du 17 mai 2010",
      "url": null
    }
  ]
}

CERTA-2009-AVI-211

Vulnerability from certfr_avis - Published: 2009-06-08 - Updated: 2009-10-27

Plusieurs vulnérabilités présentes dans Apache Tomcat permettent à un utilisateur distant de provoquer un déni de service et de porter atteinte à la confidentialité et à l'intégrité des données.

Description

Plusieurs vulnérabilités sont présentes dans Apache Tomcat :

la première est relative à une erreur dans le traitement de certains en-têtes HTTP par le composant AJP Connector. Elle permet à un utilisateur distant de provoquer un déni de service ;
la deuxième concerne certaines fonctionnalités d'authentification et permet à un personne distante d'obtenir des identifiants valides d'utilisateur via des requêtes particulières ;
la troisième est relative à la gestion des fichiers web.xml et tld qui peuvent être modifiés par une application particulière dans une autre application si celles-ci sont dans la même instance de Tomcat ;
la quatrième est due à une vulnérabilité dans le RequestDispatcher et permet à un utilisateur malintentionné d'accéder à des données sensibles ;
la dernière est due à une erreur dans le calendrier permettant de réaliser une attaque par injection de code indirecte.

Solution

Se référer aux bulletins de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apache	Tomcat	Apache Tomcat versions 4.1.39 et antérieures ;
Apache	Tomcat	Apache Tomcat versions 6.0.18 et antérieures.
Apache	Tomcat	Apache Tomcat versions 5.5.27 et antérieures ;

References

Title

Publication Time

Tags

Bulletins de sécurité Apache Tomcat du 03 juin 2009	None	vendor-advisory
Bulletin de sécurité HP-UX du 21 octobre 2009 :	-	other
Bulletins de sécurité Tomcat :	-	other
Bulletins de sécurité Tomcat du 03 juin 2009 :	-	other
Bulletins de sécurité Tomcat du 03 juin 2009 :	-	other
Bulletins de sécurité Tomcat du 03 juin 2009 :	-	other
Bulletins de sécurité Tomcat :	-	other
Bulletins de sécurité Tomcat :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Apache Tomcat versions 4.1.39 et ant\u00e9rieures ;",
      "product": {
        "name": "Tomcat",
        "vendor": {
          "name": "Apache",
          "scada": false
        }
      }
    },
    {
      "description": "Apache Tomcat versions 6.0.18 et ant\u00e9rieures.",
      "product": {
        "name": "Tomcat",
        "vendor": {
          "name": "Apache",
          "scada": false
        }
      }
    },
    {
      "description": "Apache Tomcat versions 5.5.27 et ant\u00e9rieures ;",
      "product": {
        "name": "Tomcat",
        "vendor": {
          "name": "Apache",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s sont pr\u00e9sentes dans Apache Tomcat :\n\n-   la premi\u00e8re est relative \u00e0 une erreur dans le traitement de certains\n    en-t\u00eates HTTP par le composant AJP Connector. Elle permet \u00e0 un\n    utilisateur distant de provoquer un d\u00e9ni de service ;\n-   la deuxi\u00e8me concerne certaines fonctionnalit\u00e9s d\u0027authentification et\n    permet \u00e0 un personne distante d\u0027obtenir des identifiants valides\n    d\u0027utilisateur via des requ\u00eates particuli\u00e8res ;\n-   la troisi\u00e8me est relative \u00e0 la gestion des fichiers web.xml et tld\n    qui peuvent \u00eatre modifi\u00e9s par une application particuli\u00e8re dans une\n    autre application si celles-ci sont dans la m\u00eame instance de Tomcat\n    ;\n-   la quatri\u00e8me est due \u00e0 une vuln\u00e9rabilit\u00e9 dans le RequestDispatcher\n    et permet \u00e0 un utilisateur malintentionn\u00e9 d\u0027acc\u00e9der \u00e0 des donn\u00e9es\n    sensibles ;\n-   la derni\u00e8re est due \u00e0 une erreur dans le calendrier permettant de\n    r\u00e9aliser une attaque par injection de code indirecte.\n\n## Solution\n\nSe r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-0580",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0580"
    },
    {
      "name": "CVE-2009-0033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0033"
    },
    {
      "name": "CVE-2009-0781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0781"
    },
    {
      "name": "CVE-2009-0783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0783"
    },
    {
      "name": "CVE-2008-5515",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5515"
    }
  ],
  "initial_release_date": "2009-06-08T00:00:00",
  "last_revision_date": "2009-10-27T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 HP-UX du 21 octobre 2009 :",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01908935"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 Tomcat :",
      "url": "http://tomcat.apache.org/security-5.html"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 Tomcat du 03 juin 2009 :",
      "url": "http://marc.info/?l=tomcat-user\u0026m=124404378413736\u0026w=2"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 Tomcat du 03 juin 2009 :",
      "url": "http://marc.info/?l=tomcat-user\u0026m=124404378913734\u0026w=2"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 Tomcat du 03 juin 2009 :",
      "url": "http://marc.info/?l=tomcat-user\u0026m=124412001618125\u0026w=2"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 Tomcat :",
      "url": "http://tomcat.apache.org/security-6.html"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 Tomcat :",
      "url": "http://tomcat.apache.org/security-4.html"
    }
  ],
  "reference": "CERTA-2009-AVI-211",
  "revisions": [
    {
      "description": "version initiale ;",
      "revision_date": "2009-06-08T00:00:00.000000"
    },
    {
      "description": "ajout de r\u00e9f\u00e9rence CVE et du bulletin HP-UX.",
      "revision_date": "2009-10-27T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans Apache Tomcat permettent \u00e0 un\nutilisateur distant de provoquer un d\u00e9ni de service et de porter\natteinte \u00e0 la confidentialit\u00e9 et \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s de Apache Tomcat",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletins de s\u00e9curit\u00e9 Apache Tomcat du 03 juin 2009",
      "url": null
    }
  ]
}

CERTA-2010-AVI-143

Vulnerability from certfr_avis - Published: 2010-03-30 - Updated: 2010-03-30

De multiples vulnérabilités ont été corrigées dans Mac OS X.

Description

Plusieurs vulnérabilités ont été corrigées dans Mac OS X. Elles permettent entre autres l'exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	macOS	Mac OS X 10.5 ;
Apple	macOS	Mac OS X 10.6 ;
Apple	macOS	Mac OS X Server 10.5 ;
Apple	macOS	Mac OS X Server 10.6.

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT4077 du 29 mars 2010

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mac OS X 10.5 ;",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X 10.6 ;",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X Server 10.5 ;",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X Server 10.6.",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans Mac OS X. Elles\npermettent entre autres l\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-0511",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0511"
    },
    {
      "name": "CVE-2010-0509",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0509"
    },
    {
      "name": "CVE-2010-0501",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0501"
    },
    {
      "name": "CVE-2010-0065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0065"
    },
    {
      "name": "CVE-2010-0498",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0498"
    },
    {
      "name": "CVE-2010-0060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0060"
    },
    {
      "name": "CVE-2008-7247",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-7247"
    },
    {
      "name": "CVE-2003-0063",
      "url": "https://www.cve.org/CVERecord?id=CVE-2003-0063"
    },
    {
      "name": "CVE-2010-0043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0043"
    },
    {
      "name": "CVE-2010-0522",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0522"
    },
    {
      "name": "CVE-2010-0063",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0063"
    },
    {
      "name": "CVE-2009-3559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3559"
    },
    {
      "name": "CVE-2009-2901",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2901"
    },
    {
      "name": "CVE-2009-4142",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4142"
    },
    {
      "name": "CVE-2009-3009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3009"
    },
    {
      "name": "CVE-2010-0059",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0059"
    },
    {
      "name": "CVE-2010-0524",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0524"
    },
    {
      "name": "CVE-2010-0057",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0057"
    },
    {
      "name": "CVE-2009-2693",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2693"
    },
    {
      "name": "CVE-2010-0521",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0521"
    },
    {
      "name": "CVE-2008-0564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0564"
    },
    {
      "name": "CVE-2010-0518",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0518"
    },
    {
      "name": "CVE-2010-0513",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0513"
    },
    {
      "name": "CVE-2009-2417",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2417"
    },
    {
      "name": "CVE-2008-0888",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0888"
    },
    {
      "name": "CVE-2009-3558",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3558"
    },
    {
      "name": "CVE-2009-3095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3095"
    },
    {
      "name": "CVE-2009-2902",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2902"
    },
    {
      "name": "CVE-2010-0517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0517"
    },
    {
      "name": "CVE-2010-0535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0535"
    },
    {
      "name": "CVE-2010-0393",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0393"
    },
    {
      "name": "CVE-2009-3557",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3557"
    },
    {
      "name": "CVE-2009-0580",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0580"
    },
    {
      "name": "CVE-2010-0042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0042"
    },
    {
      "name": "CVE-2010-0534",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0534"
    },
    {
      "name": "CVE-2010-0497",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0497"
    },
    {
      "name": "CVE-2008-4456",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4456"
    },
    {
      "name": "CVE-2009-4143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4143"
    },
    {
      "name": "CVE-2010-0058",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0058"
    },
    {
      "name": "CVE-2010-0041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0041"
    },
    {
      "name": "CVE-2010-0508",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0508"
    },
    {
      "name": "CVE-2010-0506",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0506"
    },
    {
      "name": "CVE-2010-0533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0533"
    },
    {
      "name": "CVE-2010-0507",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0507"
    },
    {
      "name": "CVE-2010-0504",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0504"
    },
    {
      "name": "CVE-2009-0316",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0316"
    },
    {
      "name": "CVE-2010-0526",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0526"
    },
    {
      "name": "CVE-2010-0510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0510"
    },
    {
      "name": "CVE-2009-1904",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1904"
    },
    {
      "name": "CVE-2010-0500",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0500"
    },
    {
      "name": "CVE-2008-5302",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5302"
    },
    {
      "name": "CVE-2009-2042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2042"
    },
    {
      "name": "CVE-2010-0064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0064"
    },
    {
      "name": "CVE-2009-0033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0033"
    },
    {
      "name": "CVE-2009-2446",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2446"
    },
    {
      "name": "CVE-2009-2801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2801"
    },
    {
      "name": "CVE-2010-0525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0525"
    },
    {
      "name": "CVE-2010-0516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0516"
    },
    {
      "name": "CVE-2010-0502",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0502"
    },
    {
      "name": "CVE-2010-0062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0062"
    },
    {
      "name": "CVE-2008-2712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2712"
    },
    {
      "name": "CVE-2009-2906",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2906"
    },
    {
      "name": "CVE-2010-0505",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0505"
    },
    {
      "name": "CVE-2008-5303",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5303"
    },
    {
      "name": "CVE-2009-0781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0781"
    },
    {
      "name": "CVE-2009-4214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4214"
    },
    {
      "name": "CVE-2009-0783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0783"
    },
    {
      "name": "CVE-2009-0689",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0689"
    },
    {
      "name": "CVE-2008-5515",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5515"
    },
    {
      "name": "CVE-2006-1329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-1329"
    },
    {
      "name": "CVE-2010-0514",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0514"
    },
    {
      "name": "CVE-2009-0037",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0037"
    },
    {
      "name": "CVE-2010-0515",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0515"
    },
    {
      "name": "CVE-2009-2422",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2422"
    },
    {
      "name": "CVE-2010-0056",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0056"
    },
    {
      "name": "CVE-2010-0512",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0512"
    },
    {
      "name": "CVE-2009-2632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2632"
    },
    {
      "name": "CVE-2009-0688",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0688"
    },
    {
      "name": "CVE-2008-4101",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4101"
    },
    {
      "name": "CVE-2010-0537",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0537"
    },
    {
      "name": "CVE-2010-0519",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0519"
    },
    {
      "name": "CVE-2010-0523",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0523"
    },
    {
      "name": "CVE-2010-0520",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0520"
    },
    {
      "name": "CVE-2010-0503",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0503"
    },
    {
      "name": "CVE-2010-0055",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0055"
    }
  ],
  "initial_release_date": "2010-03-30T00:00:00",
  "last_revision_date": "2010-03-30T00:00:00",
  "links": [],
  "reference": "CERTA-2010-AVI-143",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-03-30T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans Mac OS X.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple MacOS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT4077 du 29 mars 2010",
      "url": "http://support.apple.com/kb/HT4077"
    }
  ]
}

GSD-2008-5515

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2008-5515

Aliases

CVE-2008-5515

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-5515",
    "description": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.",
    "id": "GSD-2008-5515",
    "references": [
      "https://www.suse.com/security/cve/CVE-2008-5515.html",
      "https://www.debian.org/security/2011/dsa-2207",
      "https://access.redhat.com/errata/RHSA-2010:0602",
      "https://access.redhat.com/errata/RHSA-2009:1617",
      "https://access.redhat.com/errata/RHSA-2009:1616",
      "https://access.redhat.com/errata/RHSA-2009:1563",
      "https://access.redhat.com/errata/RHSA-2009:1562",
      "https://access.redhat.com/errata/RHSA-2009:1506",
      "https://access.redhat.com/errata/RHSA-2009:1454",
      "https://access.redhat.com/errata/RHSA-2009:1164",
      "https://access.redhat.com/errata/RHSA-2009:1146",
      "https://access.redhat.com/errata/RHSA-2009:1145",
      "https://access.redhat.com/errata/RHSA-2009:1144",
      "https://access.redhat.com/errata/RHSA-2009:1143",
      "https://linux.oracle.com/cve/CVE-2008-5515.html",
      "https://packetstormsecurity.com/files/cve/CVE-2008-5515"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-5515"
      ],
      "details": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.",
      "id": "GSD-2008-5515",
      "modified": "2023-12-13T01:23:04.404618Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2008-5515",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html",
            "refsource": "MISC",
            "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
          },
          {
            "name": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html",
            "refsource": "MISC",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
          },
          {
            "name": "http://marc.info/?l=bugtraq\u0026m=127420533226623\u0026w=2",
            "refsource": "MISC",
            "url": "http://marc.info/?l=bugtraq\u0026m=127420533226623\u0026w=2"
          },
          {
            "name": "http://marc.info/?l=bugtraq\u0026m=129070310906557\u0026w=2",
            "refsource": "MISC",
            "url": "http://marc.info/?l=bugtraq\u0026m=129070310906557\u0026w=2"
          },
          {
            "name": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2",
            "refsource": "MISC",
            "url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2"
          },
          {
            "name": "http://secunia.com/advisories/35685",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/35685"
          },
          {
            "name": "http://secunia.com/advisories/35788",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/35788"
          },
          {
            "name": "http://secunia.com/advisories/37460",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/37460"
          },
          {
            "name": "http://secunia.com/advisories/42368",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/42368"
          },
          {
            "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1",
            "refsource": "MISC",
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1"
          },
          {
            "name": "http://support.apple.com/kb/HT4077",
            "refsource": "MISC",
            "url": "http://support.apple.com/kb/HT4077"
          },
          {
            "name": "http://tomcat.apache.org/security-4.html",
            "refsource": "MISC",
            "url": "http://tomcat.apache.org/security-4.html"
          },
          {
            "name": "http://tomcat.apache.org/security-5.html",
            "refsource": "MISC",
            "url": "http://tomcat.apache.org/security-5.html"
          },
          {
            "name": "http://tomcat.apache.org/security-6.html",
            "refsource": "MISC",
            "url": "http://tomcat.apache.org/security-6.html"
          },
          {
            "name": "http://www.debian.org/security/2011/dsa-2207",
            "refsource": "MISC",
            "url": "http://www.debian.org/security/2011/dsa-2207"
          },
          {
            "name": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:136",
            "refsource": "MISC",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:136"
          },
          {
            "name": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:138",
            "refsource": "MISC",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:138"
          },
          {
            "name": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:176",
            "refsource": "MISC",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:176"
          },
          {
            "name": "http://www.securityfocus.com/archive/1/507985/100/0/threaded",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
          },
          {
            "name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
            "refsource": "MISC",
            "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2009/1856",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2009/1856"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2009/3316",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2009/3316"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2010/3056",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2010/3056"
          },
          {
            "name": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E",
            "refsource": "MISC",
            "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E",
            "refsource": "MISC",
            "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E",
            "refsource": "MISC",
            "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E",
            "refsource": "MISC",
            "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E",
            "refsource": "MISC",
            "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E",
            "refsource": "MISC",
            "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E",
            "refsource": "MISC",
            "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html",
            "refsource": "MISC",
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html"
          },
          {
            "name": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html",
            "refsource": "MISC",
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html"
          },
          {
            "name": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html",
            "refsource": "MISC",
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html"
          },
          {
            "name": "http://secunia.com/advisories/35393",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/35393"
          },
          {
            "name": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html",
            "refsource": "MISC",
            "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2009/1535",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2009/1535"
          },
          {
            "name": "http://jvn.jp/en/jp/JVN63832775/index.html",
            "refsource": "MISC",
            "url": "http://jvn.jp/en/jp/JVN63832775/index.html"
          },
          {
            "name": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html",
            "refsource": "MISC",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html"
          },
          {
            "name": "http://secunia.com/advisories/39317",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/39317"
          },
          {
            "name": "http://secunia.com/advisories/44183",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/44183"
          },
          {
            "name": "http://www.securityfocus.com/archive/1/504170/100/0/threaded",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/archive/1/504170/100/0/threaded"
          },
          {
            "name": "http://www.securityfocus.com/archive/1/504202/100/0/threaded",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/archive/1/504202/100/0/threaded"
          },
          {
            "name": "http://www.securityfocus.com/bid/35263",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/bid/35263"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2009/1520",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2009/1520"
          },
          {
            "name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10422",
            "refsource": "MISC",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10422"
          },
          {
            "name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19452",
            "refsource": "MISC",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19452"
          },
          {
            "name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6445",
            "refsource": "MISC",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6445"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "[4.1.0,4.1.40),[5.5.0,5.5.28),[6.0.0,6.0.19)",
          "affected_versions": "All versions starting from 4.1.0 before 4.1.40, all versions starting from 5.5.0 before 5.5.28, all versions starting from 6.0.0 before 6.0.19",
          "cvss_v2": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-22",
            "CWE-937"
          ],
          "date": "2022-06-09",
          "description": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.",
          "fixed_versions": [
            "4.1.40",
            "5.5.28",
            "6.0.20"
          ],
          "identifier": "CVE-2008-5515",
          "identifiers": [
            "GHSA-9737-qmgc-hfr9",
            "CVE-2008-5515"
          ],
          "not_impacted": "All versions before 4.1.0, all versions starting from 4.1.40 before 5.5.0, all versions starting from 5.5.28 before 6.0.0, all versions starting from 6.0.19",
          "package_slug": "maven/org.apache.tomcat/tomcat",
          "pubdate": "2022-05-14",
          "solution": "Upgrade to versions 4.1.40, 5.5.28, 6.0.20 or above.",
          "title": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2008-5515",
            "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E",
            "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E",
            "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E",
            "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E",
            "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E",
            "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E",
            "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E",
            "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10422",
            "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19452",
            "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6445",
            "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html",
            "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html",
            "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html",
            "http://jvn.jp/en/jp/JVN63832775/index.html",
            "http://marc.info/?l=bugtraq\u0026m=127420533226623\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=129070310906557\u0026w=2",
            "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2",
            "http://support.apple.com/kb/HT4077",
            "http://tomcat.apache.org/security-4.html",
            "http://tomcat.apache.org/security-5.html",
            "http://tomcat.apache.org/security-6.html",
            "http://www.debian.org/security/2011/dsa-2207",
            "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
            "https://github.com/advisories/GHSA-9737-qmgc-hfr9"
          ],
          "uuid": "6ab8cf4e-9a8f-4443-a935-b6070c894c1d"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.27:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.35:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.36:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.24:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.25:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.26:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.39:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.27:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.30:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.38:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.31:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.29:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.26:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.25:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.33:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.24:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.28:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.23:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.34:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.32:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.37:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.23:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2008-5515"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-22"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2009-1520",
              "refsource": "VUPEN",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/1520"
            },
            {
              "name": "35263",
              "refsource": "BID",
              "tags": [
                "Patch"
              ],
              "url": "http://www.securityfocus.com/bid/35263"
            },
            {
              "name": "http://tomcat.apache.org/security-5.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://tomcat.apache.org/security-5.html"
            },
            {
              "name": "http://tomcat.apache.org/security-4.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://tomcat.apache.org/security-4.html"
            },
            {
              "name": "JVN#63832775",
              "refsource": "JVN",
              "tags": [
                "Patch"
              ],
              "url": "http://jvn.jp/en/jp/JVN63832775/index.html"
            },
            {
              "name": "http://tomcat.apache.org/security-6.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://tomcat.apache.org/security-6.html"
            },
            {
              "name": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html"
            },
            {
              "name": "35393",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/35393"
            },
            {
              "name": "ADV-2009-1535",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2009/1535"
            },
            {
              "name": "MDVSA-2009:138",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:138"
            },
            {
              "name": "MDVSA-2009:136",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:136"
            },
            {
              "name": "SUSE-SR:2009:012",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
            },
            {
              "name": "35685",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/35685"
            },
            {
              "name": "ADV-2009-1856",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2009/1856"
            },
            {
              "name": "263529",
              "refsource": "SUNALERT",
              "tags": [],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1"
            },
            {
              "name": "35788",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/35788"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
            },
            {
              "name": "37460",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/37460"
            },
            {
              "name": "FEDORA-2009-11374",
              "refsource": "FEDORA",
              "tags": [],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html"
            },
            {
              "name": "FEDORA-2009-11356",
              "refsource": "FEDORA",
              "tags": [],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html"
            },
            {
              "name": "FEDORA-2009-11352",
              "refsource": "FEDORA",
              "tags": [],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html"
            },
            {
              "name": "ADV-2009-3316",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2009/3316"
            },
            {
              "name": "APPLE-SA-2010-03-29-1",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
            },
            {
              "name": "http://support.apple.com/kb/HT4077",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.apple.com/kb/HT4077"
            },
            {
              "name": "SUSE-SR:2010:008",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html"
            },
            {
              "name": "39317",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/39317"
            },
            {
              "name": "MDVSA-2010:176",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:176"
            },
            {
              "name": "HPSBUX02579",
              "refsource": "HP",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=129070310906557\u0026w=2"
            },
            {
              "name": "ADV-2010-3056",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2010/3056"
            },
            {
              "name": "42368",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/42368"
            },
            {
              "name": "44183",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/44183"
            },
            {
              "name": "DSA-2207",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2011/dsa-2207"
            },
            {
              "name": "HPSBUX02860",
              "refsource": "HP",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2"
            },
            {
              "name": "HPSBMA02535",
              "refsource": "HP",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=127420533226623\u0026w=2"
            },
            {
              "name": "oval:org.mitre.oval:def:6445",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6445"
            },
            {
              "name": "oval:org.mitre.oval:def:19452",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19452"
            },
            {
              "name": "oval:org.mitre.oval:def:10422",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10422"
            },
            {
              "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
            },
            {
              "name": "20090610 [SECURITY] UPDATED CVE-2008-5515 RequestDispatcher directory traversal vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/504202/100/0/threaded"
            },
            {
              "name": "20090608 [SECURITY] CVE-2008-5515 RequestDispatcher directory traversal vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/504170/100/0/threaded"
            },
            {
              "name": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E",
              "refsource": "MISC",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E",
              "refsource": "MISC",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E",
              "refsource": "MISC",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E",
              "refsource": "MISC",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E",
              "refsource": "MISC",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E",
              "refsource": "MISC",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E",
              "refsource": "MISC",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2023-02-13T02:19Z",
      "publishedDate": "2009-06-16T21:00Z"
    }
  }
}

JVNDB-2009-000036

Vulnerability from jvndb - Published: 2009-06-18 17:53 - Updated:2012-09-28 13:35

Severity ?

() - -

Summary

Apache Tomcat information disclosure vulnerability

Details

Apache Tomcat from The Apache Software Foundation contains an information disclosure vulnerability. Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page (JSP) technologies. Apache Tomcat contains a vulnerability which may allow information disclosure or access to the contents contained in the WEB-INF directory. According to the developer, unsupported Apache Tomcat 3.x, 4.0.x, and 5.0.x may also be affected. For more information, refer to the developer's website. Minehiko Iida and Yuichiro Suzuki of Development Dept. II Application Management Middleware Div. FUJITSU LIMITED reported this vulnerability to IPA. JPCERT/CC coordinated with The Apache Software Foundation and the vendors under Information Security Early Warning Partnership.

References

Type

URL

	JVN	http://jvn.jp/en/jp/JVN63832775/index.html
	CVE	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5515
	NVD	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5515
	BID	http://www.securityfocus.com/bid/35263
	VUPEN	http://www.vupen.com/english/advisories/2009/1520
	Information Exposure(CWE-200)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

	Apache Software Foundation	Apache Tomcat
	FUJITSU	Interstage Application Framework Suite
	FUJITSU	Interstage Application Server
	FUJITSU	Interstage Apworks
	FUJITSU	Interstage Business Application Server
	FUJITSU	Interstage Job Workload Server
	FUJITSU	Interstage Studio
	FUJITSU	Interstage Web Server
	Hewlett-Packard Development Company,L.P	HP-UX Tomcat-based Servlet Engine
	NEC Corporation	InfoFrame DocumentSkipper
	NEC Corporation	MCOne
	NEC Corporation	WebSAM SECUREMASTER
	VMware	VMware ESX
	VMware	VMware Server
	VMware	VMware vCenter
	VMware	VMware VirtualCenter
	Apple Inc.	Apple Mac OS X Server
	Hewlett-Packard Development Company,L.P	HP-UX
	Cybertrust Japan Co., Ltd.	Asianux Server
	Red Hat, Inc.	Red Hat Enterprise Linux
	Red Hat, Inc.	Red Hat Enterprise Linux Desktop
	Red Hat, Inc.	Red Hat Enterprise Linux EUS
	Red Hat, Inc.	RHEL Desktop Workstation
	Sun Microsystems, Inc.	OpenSolaris
	Sun Microsystems, Inc.	Sun Solaris

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000036.html",
  "dc:date": "2012-09-28T13:35+09:00",
  "dcterms:issued": "2009-06-18T17:53+09:00",
  "dcterms:modified": "2012-09-28T13:35+09:00",
  "description": "Apache Tomcat from The Apache Software Foundation contains an information disclosure vulnerability.\r\n\r\nApache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page (JSP) technologies.\r\nApache Tomcat contains a vulnerability which may allow information disclosure or access to the contents contained in the WEB-INF directory.\r\n\r\nAccording to the developer, unsupported Apache Tomcat 3.x, 4.0.x, and 5.0.x may also be affected.\r\nFor more information, refer to the developer\u0027s website.\r\n\r\nMinehiko Iida and Yuichiro Suzuki of Development Dept. II Application Management Middleware Div. FUJITSU LIMITED reported this vulnerability to IPA. JPCERT/CC coordinated with The Apache Software Foundation and the vendors under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000036.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:apache:tomcat",
      "@product": "Apache Tomcat",
      "@vendor": "Apache Software Foundation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:interstage_application_framework_suite",
      "@product": "Interstage Application Framework Suite",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:interstage_application_server",
      "@product": "Interstage Application Server",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:interstage_apworks",
      "@product": "Interstage Apworks",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:interstage_business_application_server",
      "@product": "Interstage Business Application Server",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:interstage_job_workload_server",
      "@product": "Interstage Job Workload Server",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:interstage_studio",
      "@product": "Interstage Studio",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:interstage_web_server",
      "@product": "Interstage Web Server",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hp:tomcat-based_servlet_engine",
      "@product": "HP-UX Tomcat-based Servlet Engine",
      "@vendor": "Hewlett-Packard Development Company,L.P",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:nec:infoframe_documentskipper",
      "@product": "InfoFrame DocumentSkipper",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:nec:mcone",
      "@product": "MCOne",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:nec:websam_securemaster",
      "@product": "WebSAM SECUREMASTER",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:vmware:esx",
      "@product": "VMware ESX",
      "@vendor": "VMware",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:vmware:server",
      "@product": "VMware Server",
      "@vendor": "VMware",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:vmware:vcenter",
      "@product": "VMware vCenter",
      "@vendor": "VMware",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:vmware:virtualcenter",
      "@product": "VMware VirtualCenter",
      "@vendor": "VMware",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:apple:mac_os_x_server",
      "@product": "Apple Mac OS X Server",
      "@vendor": "Apple Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:hp:hp-ux",
      "@product": "HP-UX",
      "@vendor": "Hewlett-Packard Development Company,L.P",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:misc:miraclelinux_asianux_server",
      "@product": "Asianux Server",
      "@vendor": "Cybertrust Japan Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:enterprise_linux",
      "@product": "Red Hat Enterprise Linux",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:enterprise_linux_desktop",
      "@product": "Red Hat Enterprise Linux Desktop",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:enterprise_linux_eus",
      "@product": "Red Hat Enterprise Linux EUS",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:rhel_desktop_workstation",
      "@product": "RHEL Desktop Workstation",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:sun:opensolaris",
      "@product": "OpenSolaris",
      "@vendor": "Sun Microsystems, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:sun:solaris",
      "@product": "Sun Solaris",
      "@vendor": "Sun Microsystems, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "4.3",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2009-000036",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN63832775/index.html",
      "@id": "JVN#63832775",
      "@source": "JVN"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5515",
      "@id": "CVE-2008-5515",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5515",
      "@id": "CVE-2008-5515",
      "@source": "NVD"
    },
    {
      "#text": "http://www.securityfocus.com/bid/35263",
      "@id": "35263",
      "@source": "BID"
    },
    {
      "#text": "http://www.vupen.com/english/advisories/2009/1520",
      "@id": "VUPEN/ADV-2009-1520",
      "@source": "VUPEN"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-200",
      "@title": "Information Exposure(CWE-200)"
    }
  ],
  "title": "Apache Tomcat information disclosure vulnerability"
}

FKIE_CVE-2008-5515

Vulnerability from fkie_nvd - Published: 2009-06-16 21:00 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	http://jvn.jp/en/jp/JVN63832775/index.html	Patch
secalert@redhat.com	http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html
secalert@redhat.com	http://marc.info/?l=bugtraq&m=127420533226623&w=2
secalert@redhat.com	http://marc.info/?l=bugtraq&m=129070310906557&w=2
secalert@redhat.com	http://marc.info/?l=bugtraq&m=136485229118404&w=2
secalert@redhat.com	http://secunia.com/advisories/35393
secalert@redhat.com	http://secunia.com/advisories/35685
secalert@redhat.com	http://secunia.com/advisories/35788
secalert@redhat.com	http://secunia.com/advisories/37460
secalert@redhat.com	http://secunia.com/advisories/39317
secalert@redhat.com	http://secunia.com/advisories/42368
secalert@redhat.com	http://secunia.com/advisories/44183
secalert@redhat.com	http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1
secalert@redhat.com	http://support.apple.com/kb/HT4077
secalert@redhat.com	http://tomcat.apache.org/security-4.html	Patch, Vendor Advisory
secalert@redhat.com	http://tomcat.apache.org/security-5.html	Patch, Vendor Advisory
secalert@redhat.com	http://tomcat.apache.org/security-6.html	Patch, Vendor Advisory
secalert@redhat.com	http://www.debian.org/security/2011/dsa-2207
secalert@redhat.com	http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2009:136
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2009:138
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2010:176
secalert@redhat.com	http://www.securityfocus.com/archive/1/504170/100/0/threaded
secalert@redhat.com	http://www.securityfocus.com/archive/1/504202/100/0/threaded
secalert@redhat.com	http://www.securityfocus.com/archive/1/507985/100/0/threaded
secalert@redhat.com	http://www.securityfocus.com/bid/35263	Patch
secalert@redhat.com	http://www.vmware.com/security/advisories/VMSA-2009-0016.html
secalert@redhat.com	http://www.vupen.com/english/advisories/2009/1520	Patch, Vendor Advisory
secalert@redhat.com	http://www.vupen.com/english/advisories/2009/1535
secalert@redhat.com	http://www.vupen.com/english/advisories/2009/1856
secalert@redhat.com	http://www.vupen.com/english/advisories/2009/3316
secalert@redhat.com	http://www.vupen.com/english/advisories/2010/3056
secalert@redhat.com	https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
secalert@redhat.com	https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
secalert@redhat.com	https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
secalert@redhat.com	https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
secalert@redhat.com	https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
secalert@redhat.com	https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
secalert@redhat.com	https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
secalert@redhat.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10422
secalert@redhat.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19452
secalert@redhat.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6445
secalert@redhat.com	https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html
secalert@redhat.com	https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html
secalert@redhat.com	https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html
af854a3a-2127-422b-91ae-364da2661108	http://jvn.jp/en/jp/JVN63832775/index.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=127420533226623&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=129070310906557&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=136485229118404&w=2
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35393
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35685
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35788
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/37460
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/39317
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/42368
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/44183
af854a3a-2127-422b-91ae-364da2661108	http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT4077
af854a3a-2127-422b-91ae-364da2661108	http://tomcat.apache.org/security-4.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://tomcat.apache.org/security-5.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://tomcat.apache.org/security-6.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2011/dsa-2207
af854a3a-2127-422b-91ae-364da2661108	http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2009:136
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2009:138
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2010:176
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/504170/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/504202/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/507985/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/35263	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.vmware.com/security/advisories/VMSA-2009-0016.html
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/1520	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/1535
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/1856
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/3316
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/3056
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10422
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19452
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6445
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html

Impacted products

Vendor	Product	Version
apache	tomcat	4.1.0
apache	tomcat	4.1.1
apache	tomcat	4.1.2
apache	tomcat	4.1.3
apache	tomcat	4.1.10
apache	tomcat	4.1.11
apache	tomcat	4.1.12
apache	tomcat	4.1.13
apache	tomcat	4.1.14
apache	tomcat	4.1.15
apache	tomcat	4.1.16
apache	tomcat	4.1.17
apache	tomcat	4.1.18
apache	tomcat	4.1.19
apache	tomcat	4.1.20
apache	tomcat	4.1.21
apache	tomcat	4.1.22
apache	tomcat	4.1.23
apache	tomcat	4.1.24
apache	tomcat	4.1.25
apache	tomcat	4.1.26
apache	tomcat	4.1.27
apache	tomcat	4.1.28
apache	tomcat	4.1.29
apache	tomcat	4.1.30
apache	tomcat	4.1.31
apache	tomcat	4.1.32
apache	tomcat	4.1.33
apache	tomcat	4.1.34
apache	tomcat	4.1.35
apache	tomcat	4.1.36
apache	tomcat	4.1.37
apache	tomcat	4.1.38
apache	tomcat	4.1.39
apache	tomcat	5.5.0
apache	tomcat	5.5.1
apache	tomcat	5.5.2
apache	tomcat	5.5.3
apache	tomcat	5.5.4
apache	tomcat	5.5.5
apache	tomcat	5.5.6
apache	tomcat	5.5.7
apache	tomcat	5.5.8
apache	tomcat	5.5.9
apache	tomcat	5.5.10
apache	tomcat	5.5.11
apache	tomcat	5.5.12
apache	tomcat	5.5.13
apache	tomcat	5.5.14
apache	tomcat	5.5.15
apache	tomcat	5.5.16
apache	tomcat	5.5.17
apache	tomcat	5.5.18
apache	tomcat	5.5.19
apache	tomcat	5.5.20
apache	tomcat	5.5.21
apache	tomcat	5.5.22
apache	tomcat	5.5.23
apache	tomcat	5.5.24
apache	tomcat	5.5.25
apache	tomcat	5.5.26
apache	tomcat	5.5.27
apache	tomcat	6.0
apache	tomcat	6.0.0
apache	tomcat	6.0.1
apache	tomcat	6.0.2
apache	tomcat	6.0.3
apache	tomcat	6.0.4
apache	tomcat	6.0.5
apache	tomcat	6.0.6
apache	tomcat	6.0.7
apache	tomcat	6.0.9
apache	tomcat	6.0.10
apache	tomcat	6.0.12
apache	tomcat	6.0.13
apache	tomcat	6.0.14
apache	tomcat	6.0.15
apache	tomcat	6.0.16
apache	tomcat	6.0.17
apache	tomcat	6.0.18

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E300013-0CE7-4313-A553-74A6A247B3E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E08D7414-8D0C-45D6-8E87-679DF0201D55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB15C5DB-0DBE-4DAD-ACBD-FAE23F768D01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "60CFD9CA-1878-4C74-A9BD-5D581736E6B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "C92F3744-C8F9-4E29-BF1A-25E03A32F2C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "084B3227-FE22-43E3-AE06-7BB257018690",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7DDA1D1-1DB2-4FD6-90A6-7DDE2FDD73F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2BFF1D5-2E34-4A01-83A7-6AA3A112A1B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D536FF4-7582-4351-ABE3-876E20F8E7FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C03E4C9-34E3-42F7-8B73-D3C595FD7EE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB43F47F-5BF9-43A0-BF0E-451B4A8F7137",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFFFE700-AAFE-4F5B-B0E2-C3DA76DE492D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "11DDD82E-5D83-4581-B2F3-F12655BBF817",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A0F0C91-171E-421D-BE86-11567DEFC7BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "F22D2621-D305-43CE-B00D-9A7563B061F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A5D55E8-D3A3-4784-8AC6-CCB07E470AB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F4245BA-B05C-49DE-B2E0-1E588209ED3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "8633532B-9785-4259-8840-B08529E20DCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1D9BD7E-FCC2-404B-A057-1A10997DAFF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "F935ED72-58F4-49C1-BD9F-5473E0B9D8CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "FADB75DC-8713-4F0C-9F06-30DA6F6EF6B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EA52901-2D16-4F7E-BF5E-780B42A55D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A79DA2C-35F3-47DE-909B-8D8D1AE111C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BF6952D-6308-4029-8B63-0BD9C648C60F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "94941F86-0BBF-4F30-8F13-FB895A11ED69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "17522878-4266-432A-859D-C02096C8AC0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "951FFCD7-EAC2-41E6-A53B-F90C540327E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF1F2738-C7D6-4206-9227-43F464887FF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "98EEB6F2-A721-45CF-A856-0E01B043C317",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "02FDE602-A56A-477E-B704-41AF92EEBB9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A28B11A-3BC7-41BC-8970-EE075B029F5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.37:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AD3E84C-9A2E-4586-A09E-CBDEB1E7F695",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.38:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EF54C08-5FF1-4D02-AA16-B13096BD566C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.39:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8F3B31D-8974-4016-ACAF-E7A917C99F84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB203AEC-2A94-48CA-A0E0-B5A8EBF028B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E98B82A-22E5-4E6C-90AE-56F5780EA147",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "34672E90-C220-436B-9143-480941227933",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "92883AFA-A02F-41A5-9977-ABEAC8AD2970",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "989A78F8-EE92-465F-8A8D-ECF0B58AFE7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F5B6627-B4A4-4E2D-B96C-CA37CCC8C804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACFB09F3-32D1-479C-8C39-D7329D9A6623",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D56581E2-9ECD-426A-96D8-A9D958900AD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "717F6995-5AF0-484C-90C0-A82F25FD2E32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B0C01D5-773F-469C-9E69-170C2844AAA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB03FDFB-4DBF-4B70-BFA3-570D1DE67695",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F5CF79C-759B-4FF9-90EE-847264059E93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "357651FD-392E-4775-BF20-37A23B3ABAE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "585B9476-6B86-4809-9B9E-26112114CB59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "6145036D-4FCE-4EBE-A137-BDFA69BA54F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "E437055A-0A81-413F-AB08-0E9D0DC9EA30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "9276A093-9C98-4617-9941-2276995F5848",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "97C9C36C-EF7E-4D42-9749-E2FF6CE35A2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "C98575E2-E39A-4A8F-B5B5-BD280B8367BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BDA08E7-A417-44E8-9C89-EB22BEEC3B9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCD1B6BE-CF07-4DA8-A703-4A48506C8AD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "5878E08E-2741-4798-94E9-BA8E07386B12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "69F6BAB7-C099-4345-A632-7287AEA555B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3AAF031-D16B-4D51-9581-2D1376A5157B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "51120689-F5C0-4DF1-91AA-314C40A46C58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "F67477AB-85F6-421C-9C0B-C8EFB1B200CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "16D0C265-2ED9-42CF-A7D6-C7FAE4246A1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D70CFD9-B55D-4A29-B94C-D33F3E881A8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D11D6FB7-CBDB-48C1-98CB-1B3CAA36C5D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "49E3C039-A949-4F1B-892A-57147EECB249",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F28C7801-41B9-4552-BA1E-577967BCBBEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "25B21085-7259-4685-9D1F-FF98E6489E10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "635EE321-2A1F-4FF8-95BE-0C26591969D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A81B035-8598-4D2C-B45F-C6C9D4B10C2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1096947-82A6-4EA8-A4F2-00D91E3F7DAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EBFA1D3-16A6-4041-BB30-51D2EE0F2AF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B70B372F-EFFD-4AF7-99B5-7D1B23A0C54C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "11951A10-39A2-4FF5-8C43-DF94730FB794",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "351E5BCF-A56B-4D91-BA3C-21A4B77D529A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B6B0504-27C1-4824-A928-A878CBBAB32D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE81AD36-ACD1-4C6C-8E7C-5326D1DA3045",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "D903956B-14F5-4177-AF12-0A5F1846D3C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "81F847DC-A2F5-456C-9038-16A0E85F4C3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF3EBD00-1E1E-452D-AFFB-08A6BD111DDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6B93A3A-D487-4CA1-8257-26F8FE287B8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD8802B2-57E0-4AA6-BC8E-00DE60468569",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request."
    },
    {
      "lang": "es",
      "value": "Apache Tomcat desde v4.1.0 hasta v4.1.39,  desde v5.5.0 hasta v5.5.27, desde v6.0.0 hasta v6.0.18, y posiblemente versiones anteriores que normalizan la ruta del directorio objetivo antes de filtrar la cadena de petici\u00f3n cuando se utiliza el m\u00e9todo RequestDispatcher, lo que permitir\u00eda atacantes remotos evitar las restricciones de acceso previstas y que llevar\u00eda a un salto de directorio a trav\u00e9s de secuencias ..(punto punto) y el directorio WEB-INF en una petici\u00f3n."
    }
  ],
  "id": "CVE-2008-5515",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-06-16T21:00:00.313",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://jvn.jp/en/jp/JVN63832775/index.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=127420533226623\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=129070310906557\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/35393"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/35685"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/35788"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/37460"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/39317"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/42368"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/44183"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://support.apple.com/kb/HT4077"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://tomcat.apache.org/security-4.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://tomcat.apache.org/security-5.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://tomcat.apache.org/security-6.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2011/dsa-2207"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:136"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:138"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:176"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/504170/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/504202/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/35263"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/1520"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2009/1535"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2009/1856"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2009/3316"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2010/3056"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10422"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19452"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6445"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://jvn.jp/en/jp/JVN63832775/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=127420533226623\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=129070310906557\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35393"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35685"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35788"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/37460"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/39317"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/42368"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/44183"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT4077"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://tomcat.apache.org/security-4.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://tomcat.apache.org/security-5.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://tomcat.apache.org/security-6.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2011/dsa-2207"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:136"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:138"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:176"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/504170/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/504202/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/35263"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/1520"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/1535"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/1856"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/3316"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/3056"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10422"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19452"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6445"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

VAR-200906-0603

Vulnerability from variot - Updated: 2025-12-22 21:25

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request. Apache Tomcat from The Apache Software Foundation contains an information disclosure vulnerability. Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page (JSP) technologies. Apache Tomcat contains a vulnerability which may allow information disclosure or access to the contents contained in the WEB-INF directory. According to the developer, unsupported Apache Tomcat 3.x, 4.0.x, and 5.0.x may also be affected. For more information, refer to the developer's website. Minehiko Iida and Yuichiro Suzuki of Development Dept. II Application Management Middleware Div. FUJITSU LIMITED reported this vulnerability to IPA. JPCERT/CC coordinated with The Apache Software Foundation and the vendors under Information Security Early Warning Partnership.A remote attacker could possibly obtain information such as configuration or user credentials contained in the application which resides under the WEB-INF directory. Attackers can exploit this issue to obtain sensitive information that may lead to further attacks. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Modification, Denial of Service (DoS)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c02515878 Version: 1

HPSBUX02579 SSRT100203 rev.1 - HP-UX Apache Running Tomcat Servlet Engine, Remote Information Disclosure, Unauthorized

Modification, Denial of Service (DoS)

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2010-11-23 Last Updated: 2010-11-23

Potential Security Impact: Remote information disclosure, unauthorized modification, or Denial of Service (DoS).

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP-UX Apache Running Tomcat Servlet Engine. These

vulnerabilities could be exploited remotely to disclose information, allows unauthorized modification, or create a Denial

of Service (DoS). The Tomcat-based Servlet Engine is contained in the HP-UX Apache Web Server Suite.

References: CVE-2010-2227, CVE-2010-1157, CVE-2009-0783, CVE-2009-0781, CVE-2009-0580, CVE-2009-0033, CVE-2008-5515

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.23, B.11.31 running HP-UX Apache Web Server Suite v3.12 or earlier

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2010-2227 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4 CVE-2010-1157 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2009-0783 (AV:L/AC:L/Au:N/C:P/I:P/A:N) 3.6 CVE-2009-0781 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2009-0580 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2009-0033 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2008-5515 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP has provided the following software updates to resolve the vulnerabilities. The updates are available for download from http://software.hp.com Note: HP-UX Web Server Suite v3.13 contains HP-UX Tomcat-based Servlet Engine v5.5.30.01

Web Server Suite Version / Apache Depot name

HP-UX Web Server Suite v.3.13 HPUXWS22ATW-B313-32.depot

HPUXWS22ATW-B313-64.depot

MANUAL ACTIONS: Yes - Update Install HP-UX Web Server Suite v3.13 or subsequent.

PRODUCT SPECIFIC INFORMATION

HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa

The following text is for use by the HP-UX Software Assistant.

AFFECTED VERSIONS

HP-UX Web Server Suite

HP-UX B.11.23 HP-UX B.11.31 ================== hpuxws22TOMCAT.TOMCAT action: install revision B.5.5.30.01 or subsequent

END AFFECTED VERSIONS

HISTORY Version:1 (rev.1) - 23 November 2010 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For further information, contact normal HP Services support channel.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save.

To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.

To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do

The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:

GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault

System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

Copyright 2010 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkzsg8IACgkQ4B86/C0qfVlFEQCg1wPaYQ84EkeiOjNAkrLGPVnQ 1aQAoK/qC5XheL13hyynXvA/jfWdKwQ0 =jKnI -----END PGP SIGNATURE----- . =========================================================== Ubuntu Security Notice USN-788-1 June 15, 2009 tomcat6 vulnerabilities CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-0783 ===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.10 Ubuntu 9.04

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 8.10: libtomcat6-java 6.0.18-0ubuntu3.2 tomcat6-examples 6.0.18-0ubuntu3.2

Ubuntu 9.04: libtomcat6-java 6.0.18-0ubuntu6.1 tomcat6-examples 6.0.18-0ubuntu6.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Iida Minehiko discovered that Tomcat did not properly normalise paths. A remote attacker could send specially crafted requests to the server and bypass security restrictions, gaining access to sensitive content. (CVE-2008-5515)

Yoshihito Fukuyama discovered that Tomcat did not properly handle errors when the Java AJP connector and mod_jk load balancing are used. A remote attacker could send specially crafted requests containing invalid headers to the server and cause a temporary denial of service. (CVE-2009-0033)

D. Matscheko and T. Hackner discovered that Tomcat did not properly handle malformed URL encoding of passwords when FORM authentication is used. A remote attacker could exploit this in order to enumerate valid usernames. (CVE-2009-0580)

Deniz Cevik discovered that Tomcat did not properly escape certain parameters in the example calendar application which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. (CVE-2009-0781)

Philippe Prados discovered that Tomcat allowed web applications to replace the XML parser used by other web applications. Local users could exploit this to bypass security restrictions and gain access to certain sensitive files. (CVE-2009-0783)

Updated packages for Ubuntu 8.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu3.2.diff.gz
  Size/MD5:    22010 87c6105cd78ea5a8dbf62054fc4ba0aa
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu3.2.dsc
  Size/MD5:     1378 823c008ffc927c0f3f5686fc6f5188d0
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18.orig.tar.gz
  Size/MD5:  3484249 9bdbb1c1d79302c80057a70b18fe6721

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libservlet2.5-java_6.0.18-0ubuntu3.2_all.deb
  Size/MD5:   174164 dd24331b2709bd6641b4055d0b052eae
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libtomcat6-java_6.0.18-0ubuntu3.2_all.deb
  Size/MD5:  2961944 63c8c3e0300ed70a240b79ddd3299efb
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-admin_6.0.18-0ubuntu3.2_all.deb
  Size/MD5:    37370 b9b1bd6dc9cfb52107811295401c09e4
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-common_6.0.18-0ubuntu3.2_all.deb
  Size/MD5:    53488 5006e5c394ec815f6d36c335d9f0abaf
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-docs_6.0.18-0ubuntu3.2_all.deb
  Size/MD5:   714516 768cacbb74453b1a2a49e55d61b7bedd
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-examples_6.0.18-0ubuntu3.2_all.deb
  Size/MD5:   419180 0663de0611fb9792d44aebad8aa24cc4
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-user_6.0.18-0ubuntu3.2_all.deb
  Size/MD5:    18612 95544319007f1f90321469c5d314c72e
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu3.2_all.deb
  Size/MD5:    24156 9f4d7a0671e9330ff2fa1a1c13a20c58

Updated packages for Ubuntu 9.04:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu6.1.diff.gz
  Size/MD5:    24779 221e0f51259495fd01da2a6b67358b17
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu6.1.dsc
  Size/MD5:     1411 e3bac3c39b2e6db3267699a533b17add
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18.orig.tar.gz
  Size/MD5:  3484249 9bdbb1c1d79302c80057a70b18fe6721

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libservlet2.5-java-doc_6.0.18-0ubuntu6.1_all.deb
  Size/MD5:   246196 54e990e7893923b8b6df4bcce9f3ba22
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libservlet2.5-java_6.0.18-0ubuntu6.1_all.deb
  Size/MD5:   172500 abf989790a45def65d5de9a7f9b010df
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libtomcat6-java_6.0.18-0ubuntu6.1_all.deb
  Size/MD5:  2846254 c1c0180751500ce58c51b97de9f2d6d9
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-admin_6.0.18-0ubuntu6.1_all.deb
  Size/MD5:    37874 e7d401faba215af22ecff31b4a675fad
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-common_6.0.18-0ubuntu6.1_all.deb
  Size/MD5:    53184 194153ab21adac9a47baaf92ea8d2acb
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-docs_6.0.18-0ubuntu6.1_all.deb
  Size/MD5:   714212 d52e9abc75108a8f059346e09d47b511
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-examples_6.0.18-0ubuntu6.1_all.deb
  Size/MD5:   418316 3a7110c9da4bd72a7019cbb75651da73
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-user_6.0.18-0ubuntu6.1_all.deb
  Size/MD5:    20520 ea5e54c91e7055e281d61e63f0e140f2
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu6.1_all.deb
  Size/MD5:    24952 ec80f910d6c8e606c090ba8dd737bc4c

. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201206-24

                                        http://security.gentoo.org/

Severity: Normal Title: Apache Tomcat: Multiple vulnerabilities Date: June 24, 2012 Bugs: #272566, #273662, #303719, #320963, #329937, #373987, #374619, #382043, #386213, #396401, #399227 ID: 201206-24

Synopsis

Multiple vulnerabilities were found in Apache Tomcat, the worst of which allowing to read, modify and overwrite arbitrary files.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 www-servers/tomcat < 5.5.34 >= 6.0.35 *< 6.0.35 >= 7.0.23 < 7.0.23

Description

Multiple vulnerabilities have been discovered in Apache Tomcat. Please review the CVE identifiers referenced below for details.

Impact

The vulnerabilities allow an attacker to cause a Denial of Service, to hijack a session, to bypass authentication, to inject webscript, to enumerate valid usernames, to read, modify and overwrite arbitrary files, to bypass intended access restrictions, to delete work-directory files, to discover the server's hostname or IP, to bypass read permissions for files or HTTP headers, to read or write files outside of the intended working directory, and to obtain sensitive information by reading a log file.

Workaround

There is no known workaround at this time.

Resolution

All Apache Tomcat 6.0.x users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/tomcat-6.0.35"

All Apache Tomcat 7.0.x users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/tomcat-7.0.23"

References

[ 1 ] CVE-2008-5515 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5515 [ 2 ] CVE-2009-0033 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0033 [ 3 ] CVE-2009-0580 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0580 [ 4 ] CVE-2009-0781 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0781 [ 5 ] CVE-2009-0783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0783 [ 6 ] CVE-2009-2693 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2693 [ 7 ] CVE-2009-2901 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2901 [ 8 ] CVE-2009-2902 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2902 [ 9 ] CVE-2010-1157 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1157 [ 10 ] CVE-2010-2227 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2227 [ 11 ] CVE-2010-3718 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3718 [ 12 ] CVE-2010-4172 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4172 [ 13 ] CVE-2010-4312 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4312 [ 14 ] CVE-2011-0013 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0013 [ 15 ] CVE-2011-0534 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0534 [ 16 ] CVE-2011-1088 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1088 [ 17 ] CVE-2011-1183 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1183 [ 18 ] CVE-2011-1184 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1184 [ 19 ] CVE-2011-1419 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1419 [ 20 ] CVE-2011-1475 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1475 [ 21 ] CVE-2011-1582 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1582 [ 22 ] CVE-2011-2204 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2204 [ 23 ] CVE-2011-2481 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2481 [ 24 ] CVE-2011-2526 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2526 [ 25 ] CVE-2011-2729 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2729 [ 26 ] CVE-2011-3190 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3190 [ 27 ] CVE-2011-3375 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3375 [ 28 ] CVE-2011-4858 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4858 [ 29 ] CVE-2011-5062 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5062 [ 30 ] CVE-2011-5063 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5063 [ 31 ] CVE-2011-5064 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5064 [ 32 ] CVE-2012-0022 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0022

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201206-24.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5 .

The calendar application in the examples web application contains an XSS flaw due to invalid HTML which renders the XSS filtering protection ineffective (CVE-2009-0781).

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5515 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0033 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0580 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0781 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0783 http://tomcat.apache.org/security-5.html

Updated Packages:

Mandriva Enterprise Server 5: eeaa9d6a2b616db100f1e206bb06b2d6 mes5/i586/tomcat5-5.5.27-0.3.0.2mdvmes5.noarch.rpm a641e0f379b1c37a1475b8528a6d8ecf mes5/i586/tomcat5-admin-webapps-5.5.27-0.3.0.2mdvmes5.noarch.rpm 743727d3628613d6968850ffd1ae092d mes5/i586/tomcat5-common-lib-5.5.27-0.3.0.2mdvmes5.noarch.rpm c9e66f0251d48d08f1df2dbca1973aad mes5/i586/tomcat5-jasper-5.5.27-0.3.0.2mdvmes5.noarch.rpm 0fcaf3a02861505fd8afec7c94344b34 mes5/i586/tomcat5-jasper-eclipse-5.5.27-0.3.0.2mdvmes5.noarch.rpm 6b013f381aad7eec77f82021fa897bb1 mes5/i586/tomcat5-jasper-javadoc-5.5.27-0.3.0.2mdvmes5.noarch.rpm 56a14766bd5d56beaf05914442329b8e mes5/i586/tomcat5-jsp-2.0-api-5.5.27-0.3.0.2mdvmes5.noarch.rpm 6244961329d56d9854c27fb643180af7 mes5/i586/tomcat5-jsp-2.0-api-javadoc-5.5.27-0.3.0.2mdvmes5.noarch.rpm 389011360b165d51ed7bb760aed77fef mes5/i586/tomcat5-server-lib-5.5.27-0.3.0.2mdvmes5.noarch.rpm 644fdfef4854b94a6a645b4a5df19430 mes5/i586/tomcat5-servlet-2.4-api-5.5.27-0.3.0.2mdvmes5.noarch.rpm 69601123fe318d20c8e050fb294563a4 mes5/i586/tomcat5-servlet-2.4-api-javadoc-5.5.27-0.3.0.2mdvmes5.noarch.rpm 19cbeea920983a8ba6a9f739c13f1162 mes5/i586/tomcat5-webapps-5.5.27-0.3.0.2mdvmes5.noarch.rpm 30f1fc3e67154e56ba2fe78c7f17cf02 mes5/SRPMS/tomcat5-5.5.27-0.3.0.2mdvmes5.src.rpm

Mandriva Enterprise Server 5/X86_64: c25b7d09498779d75041bc7f613130a0 mes5/x86_64/tomcat5-5.5.27-0.3.0.2mdvmes5.noarch.rpm d7674924e3c8b7c84e5024869c1b69a3 mes5/x86_64/tomcat5-admin-webapps-5.5.27-0.3.0.2mdvmes5.noarch.rpm 84d805f41359b28390638787cfc06d12 mes5/x86_64/tomcat5-common-lib-5.5.27-0.3.0.2mdvmes5.noarch.rpm 8d7ed6ceffa3cc3f03a8a7abd05c470b mes5/x86_64/tomcat5-jasper-5.5.27-0.3.0.2mdvmes5.noarch.rpm 4f1b9387b5c5e77fcac86104815ae33a mes5/x86_64/tomcat5-jasper-eclipse-5.5.27-0.3.0.2mdvmes5.noarch.rpm 23350f016f88897bd966721c156c7c73 mes5/x86_64/tomcat5-jasper-javadoc-5.5.27-0.3.0.2mdvmes5.noarch.rpm 0e187a53ffadf553705425de115e48e6 mes5/x86_64/tomcat5-jsp-2.0-api-5.5.27-0.3.0.2mdvmes5.noarch.rpm 50b42a84acf2b2d989655c2f7dd5ae1f mes5/x86_64/tomcat5-jsp-2.0-api-javadoc-5.5.27-0.3.0.2mdvmes5.noarch.rpm 16ca5f053c9221b48aea5e73ce7b6a06 mes5/x86_64/tomcat5-server-lib-5.5.27-0.3.0.2mdvmes5.noarch.rpm cf3d9d6d4cc876aef1fcbbf1b7d53950 mes5/x86_64/tomcat5-servlet-2.4-api-5.5.27-0.3.0.2mdvmes5.noarch.rpm 32f514581f311783fc5a673231558567 mes5/x86_64/tomcat5-servlet-2.4-api-javadoc-5.5.27-0.3.0.2mdvmes5.noarch.rpm d21b39762b5a108dacdaf58a91ce5dac mes5/x86_64/tomcat5-webapps-5.5.27-0.3.0.2mdvmes5.noarch.rpm 30f1fc3e67154e56ba2fe78c7f17cf02 mes5/SRPMS/tomcat5-5.5.27-0.3.0.2mdvmes5.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux)

iD4DBQFKbyKZmqjQ0CJFipgRAsjOAJ46WIT6KshXhK11pw/dmFR3Vuz5OQCYzzQM 8kHZGORcpqDWK1qWCdiY9A== =XhQl -----END PGP SIGNATURE-----

Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ .

References: CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-0783

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200906-0603",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apache",
        "version": "4.1.22"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apache",
        "version": "4.1.18"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apache",
        "version": "4.1.17"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apache",
        "version": "4.1.23"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apache",
        "version": "4.1.20"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apache",
        "version": "4.1.26"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apache",
        "version": "4.1.19"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apache",
        "version": "4.1.25"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apache",
        "version": "4.1.21"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apache",
        "version": "4.1.2"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "6.0.18"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "6.0.16"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "6.0.15"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "6.0.14"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "6.0.13"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "6.0.12"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "6.0.10"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "6.0.9"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "6.0.7"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "6.0.6"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "6.0.5"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "6.0.4"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "6.0.3"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "6.0.2"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "6.0.1"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "6.0"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "5.5.27"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "5.5.26"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "5.5.25"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "5.5.24"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "5.5.23"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "5.5.22"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "5.5.21"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "5.5.20"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "5.5.19"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "5.5.18"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "5.5.17"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "5.5.16"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "5.5.15"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "5.5.14"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "5.5.13"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "5.5.12"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "5.5.11"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "5.5.10"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "5.5.2"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "5.5.1"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "4.1.39"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "4.1.38"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "4.1.37"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "4.1.36"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "4.1.35"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "4.1.34"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "4.1.32"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "4.1.31"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "4.1.30"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "4.1.29"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "4.1.28"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "4.1.24"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "4.1.12"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "4.1.10"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "4.1.3"
      },
      {
        "model": "virtualcenter",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "virtualcenter",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "vmware",
        "version": "2.5"
      },
      {
        "model": "vcenter",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "vmware",
        "version": "4.0"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "5.5.3"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "5.5.4"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "4.1.13"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "4.1.27"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "5.5.5"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "4.1.33"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "5.5.7"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "5.5.8"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "4.1.1"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "5.5.9"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "4.1.0"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "5.5.0"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "6.0.17"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "4.1.14"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "4.1.11"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "4.1.16"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "4.1.15"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "6.0.0"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "5.5.6"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apache",
        "version": "4.1.0 to 4.1.39"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apache",
        "version": "5.5.0 to 5.5.27"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apache",
        "version": "6.0.0 to 6.0.18"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.5.8"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.6 through v10.6.2"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "2.0"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "2.1"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "3 (x86)"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "3 (x86-64)"
      },
      {
        "model": "interstage application framework suite",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage application server",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage apworks",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage business application server",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage job workload server",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage studio",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage web server",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard l p",
        "version": "11.11"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard l p",
        "version": "11.23"
      },
      {
        "model": "hp-ux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard l p",
        "version": "11.31"
      },
      {
        "model": "hp-ux tomcat-based servlet engine",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hewlett packard l p",
        "version": "before 5.5.30.01"
      },
      {
        "model": "infoframe documentskipper",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "mcone",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "websam securemaster",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "5 (server)"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "5.0 (client)"
      },
      {
        "model": "enterprise linux eus",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "5.3.z (server)"
      },
      {
        "model": "rhel desktop workstation",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "5 (client)"
      },
      {
        "model": "opensolaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "(sparc)"
      },
      {
        "model": "opensolaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "(x86)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "10 (sparc)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "10 (x86)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "9 (sparc)"
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sun microsystems",
        "version": "9 (x86)"
      },
      {
        "model": "esx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "vmware",
        "version": "3.0.3"
      },
      {
        "model": "esx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "vmware",
        "version": "3.5"
      },
      {
        "model": "esx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "vmware",
        "version": "4.0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "vmware",
        "version": "2.x"
      },
      {
        "model": "virtualcenter update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.55"
      },
      {
        "model": "virtualcenter update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.52"
      },
      {
        "model": "virtualcenter update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.51"
      },
      {
        "model": "virtualcenter update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.25"
      },
      {
        "model": "virtualcenter update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.24"
      },
      {
        "model": "virtualcenter update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.23"
      },
      {
        "model": "virtualcenter update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.22"
      },
      {
        "model": "virtualcenter update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.21"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.2"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0.1"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.0"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0.3"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0.2"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0.1"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.0"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "4.0"
      },
      {
        "model": "esx server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "3.5"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "9.04"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "9.04"
      },
      {
        "model": "linux lpia",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "9.04"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "9.04"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "9.04"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.10"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.10"
      },
      {
        "model": "linux lpia",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.10"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.10"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.10"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "solaris 9 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "solaris 9 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "solaris 10 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "solaris 10 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 99",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 96",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 95",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 94",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 93",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 92",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 91",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 90",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 89",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 88",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 87",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 85",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 84",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 83",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 82",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 81",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 80",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 78",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 77",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 76",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 68",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 67",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 64",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 61",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 59",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 58",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 57",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 54",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 50",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 49",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 47",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 45",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 41",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 39",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 36",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 29",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 22",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 19",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 13",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 117",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 116",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 115",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 114",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 113",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 112",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 111a",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 111",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 110",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 109",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 108",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 107",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 106",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 105",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 104",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 103",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 102",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 101a",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 101",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 100",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 02",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 01",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "11.1"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "11.0"
      },
      {
        "model": "blackberry enterprise server for novell groupwise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "5.0.1"
      },
      {
        "model": "blackberry enterprise server for novell groupwise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "4.1.7"
      },
      {
        "model": "blackberry enterprise server for novell groupwise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "4.1.4"
      },
      {
        "model": "blackberry enterprise server for exchange mr1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "5.0.2"
      },
      {
        "model": "blackberry enterprise server for exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "5.0.2"
      },
      {
        "model": "blackberry enterprise server for exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "5.0.1"
      },
      {
        "model": "blackberry enterprise server for exchange sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "5.0"
      },
      {
        "model": "blackberry enterprise server for exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "5.0"
      },
      {
        "model": "blackberry enterprise server for exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "4.1.7"
      },
      {
        "model": "blackberry enterprise server for exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "4.1.4"
      },
      {
        "model": "blackberry enterprise server for domino mr1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "5.0.2"
      },
      {
        "model": "blackberry enterprise server for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "4.1.4"
      },
      {
        "model": "blackberry enterprise server express for exchange mr1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "5.0.2"
      },
      {
        "model": "blackberry enterprise server express for exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "5.0.2"
      },
      {
        "model": "blackberry enterprise server express for exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "5.0.1"
      },
      {
        "model": "blackberry enterprise server express for exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "4.1.4"
      },
      {
        "model": "blackberry enterprise server express for domino mr1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "5.0.2"
      },
      {
        "model": "blackberry enterprise server express for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "5.0.2"
      },
      {
        "model": "blackberry enterprise server express for domino",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rim",
        "version": "4.1.4"
      },
      {
        "model": "red hat network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4)5.1"
      },
      {
        "model": "network satellite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "45.3"
      },
      {
        "model": "network satellite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "45.2"
      },
      {
        "model": "jboss enterprise web server el4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "0"
      },
      {
        "model": "jboss enterprise web server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5.0"
      },
      {
        "model": "jboss enterprise application platform el5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4.3"
      },
      {
        "model": "jboss enterprise application platform el4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4.3"
      },
      {
        "model": "jboss enterprise application platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4.3"
      },
      {
        "model": "jboss enterprise application platform el5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4.2"
      },
      {
        "model": "jboss enterprise application platform el4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4.2"
      },
      {
        "model": "jboss enterprise application platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4.2"
      },
      {
        "model": "enterprise linux eus 5.3.z server",
        "scope": null,
        "trust": 0.3,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "enterprise linux desktop workstation client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "enterprise linux desktop client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "developer suite as4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "certificate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7.3"
      },
      {
        "model": "application server ws4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2"
      },
      {
        "model": "application server es4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2"
      },
      {
        "model": "application server as4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "2"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2009.1"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2009.1"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2009.0"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2009.0"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2008.0"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2008.0"
      },
      {
        "model": "enterprise server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "5"
      },
      {
        "model": "enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "5"
      },
      {
        "model": "tivoli netcool/webtop fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.19"
      },
      {
        "model": "tivoli netcool/webtop fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.15"
      },
      {
        "model": "tivoli netcool/webtop fix pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.14"
      },
      {
        "model": "tivoli netcool/webtop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.1"
      },
      {
        "model": "rational quality manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0"
      },
      {
        "model": "performance manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.21"
      },
      {
        "model": "performance manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.20"
      },
      {
        "model": "performance manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "8.10"
      },
      {
        "model": "hp-ux web server suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.22"
      },
      {
        "model": "hp-ux web server suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.21"
      },
      {
        "model": "hp-ux web server suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.18"
      },
      {
        "model": "hp-ux web server suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.17"
      },
      {
        "model": "hp-ux web server suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.12"
      },
      {
        "model": "hp-ux web server suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.10"
      },
      {
        "model": "hp-ux b.11.31",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "hp-ux b.11.23",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "hp-ux b.11.11",
        "scope": null,
        "trust": 0.3,
        "vendor": "hp",
        "version": null
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "interstage studio standard-j edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "9.0"
      },
      {
        "model": "interstage studio standard-j edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "8.0.1"
      },
      {
        "model": "interstage studio enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "9.0"
      },
      {
        "model": "interstage studio enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "8.0.1"
      },
      {
        "model": "interstage business application server enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "8.0.0"
      },
      {
        "model": "interstage apworks modelers-j edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "7.0"
      },
      {
        "model": "interstage apworks modelers-j edition 6.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage apworks modelers-j edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "6.0"
      },
      {
        "model": "interstage application server standard-j edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "9.1"
      },
      {
        "model": "interstage application server standard-j edition a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "9.0"
      },
      {
        "model": "interstage application server standard-j edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "9.0"
      },
      {
        "model": "interstage application server standard-j edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "8.0.2"
      },
      {
        "model": "interstage application server standard-j edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "8.0.1"
      },
      {
        "model": "interstage application server standard-j edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "8.0"
      },
      {
        "model": "interstage application server plus developer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "7.0"
      },
      {
        "model": "interstage application server plus developer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "6.0"
      },
      {
        "model": "interstage application server plus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "7.0.1"
      },
      {
        "model": "interstage application server plus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "7.0"
      },
      {
        "model": "interstage application server plus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "6.0"
      },
      {
        "model": "interstage application server enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "9.1"
      },
      {
        "model": "interstage application server enterprise edition a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "9.0"
      },
      {
        "model": "interstage application server enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "9.0"
      },
      {
        "model": "interstage application server enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "8.0.2"
      },
      {
        "model": "interstage application server enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "8.0.1"
      },
      {
        "model": "interstage application server enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "8.0"
      },
      {
        "model": "interstage application server enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "7.0.1"
      },
      {
        "model": "interstage application server enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "7.0"
      },
      {
        "model": "interstage application server enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "6.0"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "linux mipsel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "linux m68k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "linux hppa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "linux armel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "linux alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "coat systems intelligence center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "3.2.1"
      },
      {
        "model": "coat systems intelligence center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "3.1.2"
      },
      {
        "model": "coat systems intelligence center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "3.1.1"
      },
      {
        "model": "coat systems intelligence center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "2.1.2"
      },
      {
        "model": "coat systems intelligence center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "2.1.1"
      },
      {
        "model": "coat systems intelligence center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "2.1"
      },
      {
        "model": "coat systems intelligence center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "2.0.1"
      },
      {
        "model": "coat systems intelligence center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "2.0"
      },
      {
        "model": "coat systems intelligence center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "3.2"
      },
      {
        "model": "coat systems intelligence center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "3.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.8"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "6.0.11"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "6.0.8"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "5.5"
      },
      {
        "model": "tomcat beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "4.1.3"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "4.1"
      },
      {
        "model": "virtualcenter update",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "2.56"
      },
      {
        "model": "vcenter update",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "4.01"
      },
      {
        "model": "opensolaris build snv 118",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "tivoli netcool/webtop fix pack",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.110"
      },
      {
        "model": "rational quality manager",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.1"
      },
      {
        "model": "hp-ux web server suite",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hp",
        "version": "3.13"
      },
      {
        "model": "coat systems intelligence center",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "blue",
        "version": "3.2.2.1"
      },
      {
        "model": "mac os server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.3"
      },
      {
        "model": "tomcat",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apache",
        "version": "6.0.20"
      },
      {
        "model": "tomcat",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apache",
        "version": "5.5.28"
      },
      {
        "model": "tomcat",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apache",
        "version": "4.1.40"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "35263"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200906-265"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-000036"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-5515"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:apache:tomcat",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:apple:mac_os_x_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:misc:miraclelinux_asianux_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:interstage_application_framework_suite",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:interstage_application_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:interstage_apworks",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:interstage_business_application_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:interstage_job_workload_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:interstage_studio",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:interstage_web_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:hp:hp-ux",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:hp:tomcat-based_servlet_engine",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:nec:infoframe_documentskipper",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:nec:mcone",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:nec:websam_securemaster",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:redhat:enterprise_linux",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:redhat:enterprise_linux_desktop",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:redhat:enterprise_linux_eus",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:redhat:rhel_desktop_workstation",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:sun:opensolaris",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:sun:solaris",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:vmware:esx",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:vmware:server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:vmware:vcenter",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:vmware:virtualcenter",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-000036"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Iida Minehiko",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200906-265"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2008-5515",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2008-5515",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.1,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2009-000036",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2008-5515",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2009-000036",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200906-265",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2008-5515",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2008-5515"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200906-265"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-000036"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-5515"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request. Apache Tomcat from The Apache Software Foundation contains an information disclosure vulnerability. Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page (JSP) technologies. Apache Tomcat contains a vulnerability which may allow information disclosure or access to the contents contained in the WEB-INF directory. According to the developer, unsupported Apache Tomcat 3.x, 4.0.x, and 5.0.x may also be affected. For more information, refer to the developer\u0027s website. Minehiko Iida and Yuichiro Suzuki of Development Dept. II Application Management Middleware Div. FUJITSU LIMITED reported this vulnerability to IPA. JPCERT/CC coordinated with The Apache Software Foundation and the vendors under Information Security Early Warning Partnership.A remote attacker could possibly obtain information such as configuration or user credentials contained in the application which resides under the WEB-INF directory. \nAttackers can exploit this issue to obtain sensitive information that may lead to further attacks.  For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. Modification, Denial of Service (DoS)\n\n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c02515878\nVersion: 1\n\nHPSBUX02579 SSRT100203 rev.1 - HP-UX Apache Running Tomcat Servlet Engine, Remote Information Disclosure, Unauthorized\n\nModification, Denial of Service (DoS)\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2010-11-23\nLast Updated: 2010-11-23\n\n ------------------------------------------------------------------------------\n\nPotential Security Impact: Remote information disclosure, unauthorized modification, or Denial of Service (DoS). \n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP-UX Apache Running Tomcat Servlet Engine. These\n\nvulnerabilities could be exploited remotely to disclose information, allows unauthorized modification, or create a Denial\n\nof Service (DoS). The Tomcat-based Servlet Engine is contained in the HP-UX Apache Web Server Suite. \n\nReferences: CVE-2010-2227, CVE-2010-1157, CVE-2009-0783, CVE-2009-0781, CVE-2009-0580, CVE-2009-0033, CVE-2008-5515\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.23, B.11.31 running HP-UX Apache Web Server Suite v3.12 or earlier\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2010-2227    (AV:N/AC:L/Au:N/C:P/I:N/A:P)       6.4\nCVE-2010-1157    (AV:N/AC:L/Au:N/C:P/I:N/A:N)       5.0\nCVE-2009-0783    (AV:L/AC:L/Au:N/C:P/I:P/A:N)       3.6\nCVE-2009-0781    (AV:N/AC:M/Au:N/C:N/I:P/A:N)       4.3\nCVE-2009-0580    (AV:N/AC:M/Au:N/C:P/I:N/A:N)       4.3\nCVE-2009-0033    (AV:N/AC:L/Au:N/C:N/I:N/A:P)       5.0\nCVE-2008-5515    (AV:N/AC:L/Au:N/C:P/I:N/A:N)       5.0\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following software updates to resolve the vulnerabilities. \nThe updates are available for download from http://software.hp.com\nNote: HP-UX Web Server Suite v3.13 contains HP-UX Tomcat-based Servlet Engine v5.5.30.01\n\nWeb Server Suite Version / Apache Depot name\n\nHP-UX Web Server Suite v.3.13\n HPUXWS22ATW-B313-32.depot\n\n HPUXWS22ATW-B313-64.depot\n\nMANUAL ACTIONS: Yes - Update\nInstall HP-UX Web Server Suite v3.13 or subsequent. \n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX Web Server Suite\n\nHP-UX B.11.23\nHP-UX B.11.31\n==================\nhpuxws22TOMCAT.TOMCAT\naction: install revision B.5.5.30.01 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) - 23 November 2010 Initial release\n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n  To: security-alert@hp.com\n  Subject: get key\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n    -check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n    -verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin\nrelates to is represented by the 5th and 6th characters\nof the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\nCopyright 2010 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.10 (GNU/Linux)\n\niEYEARECAAYFAkzsg8IACgkQ4B86/C0qfVlFEQCg1wPaYQ84EkeiOjNAkrLGPVnQ\n1aQAoK/qC5XheL13hyynXvA/jfWdKwQ0\n=jKnI\n-----END PGP SIGNATURE-----\n. ===========================================================\nUbuntu Security Notice USN-788-1              June 15, 2009\ntomcat6 vulnerabilities\nCVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781,\nCVE-2009-0783\n===========================================================\n\nA security issue affects the following Ubuntu releases:\n\nUbuntu 8.10\nUbuntu 9.04\n\nThis advisory also applies to the corresponding versions of\nKubuntu, Edubuntu, and Xubuntu. \n\nThe problem can be corrected by upgrading your system to the\nfollowing package versions:\n\nUbuntu 8.10:\n  libtomcat6-java                 6.0.18-0ubuntu3.2\n  tomcat6-examples                6.0.18-0ubuntu3.2\n\nUbuntu 9.04:\n  libtomcat6-java                 6.0.18-0ubuntu6.1\n  tomcat6-examples                6.0.18-0ubuntu6.1\n\nIn general, a standard system upgrade is sufficient to effect the\nnecessary changes. \n\nDetails follow:\n\nIida Minehiko discovered that Tomcat did not properly normalise paths. A\nremote attacker could send specially crafted requests to the server and\nbypass security restrictions, gaining access to sensitive content. \n(CVE-2008-5515)\n\nYoshihito Fukuyama discovered that Tomcat did not properly handle errors\nwhen the Java AJP connector and mod_jk load balancing are used. A remote\nattacker could send specially crafted requests containing invalid headers\nto the server and cause a temporary denial of service. (CVE-2009-0033)\n\nD. Matscheko and T. Hackner discovered that Tomcat did not properly handle\nmalformed URL encoding of passwords when FORM authentication is used. A\nremote attacker could exploit this in order to enumerate valid usernames. \n(CVE-2009-0580)\n\nDeniz Cevik discovered that Tomcat did not properly escape certain\nparameters in the example calendar application which could result in\nbrowsers becoming vulnerable to cross-site scripting attacks when\nprocessing the output. With cross-site scripting vulnerabilities, if a user\nwere tricked into viewing server output during a crafted server request, a\nremote attacker could exploit this to modify the contents, or steal\nconfidential data (such as passwords), within the same domain. \n(CVE-2009-0781)\n\nPhilippe Prados discovered that Tomcat allowed web applications to replace\nthe XML parser used by other web applications. Local users could exploit\nthis to bypass security restrictions and gain access to certain sensitive\nfiles. (CVE-2009-0783)\n\n\nUpdated packages for Ubuntu 8.10:\n\n  Source archives:\n\n    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu3.2.diff.gz\n      Size/MD5:    22010 87c6105cd78ea5a8dbf62054fc4ba0aa\n    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu3.2.dsc\n      Size/MD5:     1378 823c008ffc927c0f3f5686fc6f5188d0\n    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18.orig.tar.gz\n      Size/MD5:  3484249 9bdbb1c1d79302c80057a70b18fe6721\n\n  Architecture independent packages:\n\n    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libservlet2.5-java_6.0.18-0ubuntu3.2_all.deb\n      Size/MD5:   174164 dd24331b2709bd6641b4055d0b052eae\n    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libtomcat6-java_6.0.18-0ubuntu3.2_all.deb\n      Size/MD5:  2961944 63c8c3e0300ed70a240b79ddd3299efb\n    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-admin_6.0.18-0ubuntu3.2_all.deb\n      Size/MD5:    37370 b9b1bd6dc9cfb52107811295401c09e4\n    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-common_6.0.18-0ubuntu3.2_all.deb\n      Size/MD5:    53488 5006e5c394ec815f6d36c335d9f0abaf\n    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-docs_6.0.18-0ubuntu3.2_all.deb\n      Size/MD5:   714516 768cacbb74453b1a2a49e55d61b7bedd\n    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-examples_6.0.18-0ubuntu3.2_all.deb\n      Size/MD5:   419180 0663de0611fb9792d44aebad8aa24cc4\n    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-user_6.0.18-0ubuntu3.2_all.deb\n      Size/MD5:    18612 95544319007f1f90321469c5d314c72e\n    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu3.2_all.deb\n      Size/MD5:    24156 9f4d7a0671e9330ff2fa1a1c13a20c58\n\nUpdated packages for Ubuntu 9.04:\n\n  Source archives:\n\n    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu6.1.diff.gz\n      Size/MD5:    24779 221e0f51259495fd01da2a6b67358b17\n    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu6.1.dsc\n      Size/MD5:     1411 e3bac3c39b2e6db3267699a533b17add\n    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18.orig.tar.gz\n      Size/MD5:  3484249 9bdbb1c1d79302c80057a70b18fe6721\n\n  Architecture independent packages:\n\n    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libservlet2.5-java-doc_6.0.18-0ubuntu6.1_all.deb\n      Size/MD5:   246196 54e990e7893923b8b6df4bcce9f3ba22\n    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libservlet2.5-java_6.0.18-0ubuntu6.1_all.deb\n      Size/MD5:   172500 abf989790a45def65d5de9a7f9b010df\n    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libtomcat6-java_6.0.18-0ubuntu6.1_all.deb\n      Size/MD5:  2846254 c1c0180751500ce58c51b97de9f2d6d9\n    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-admin_6.0.18-0ubuntu6.1_all.deb\n      Size/MD5:    37874 e7d401faba215af22ecff31b4a675fad\n    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-common_6.0.18-0ubuntu6.1_all.deb\n      Size/MD5:    53184 194153ab21adac9a47baaf92ea8d2acb\n    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-docs_6.0.18-0ubuntu6.1_all.deb\n      Size/MD5:   714212 d52e9abc75108a8f059346e09d47b511\n    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-examples_6.0.18-0ubuntu6.1_all.deb\n      Size/MD5:   418316 3a7110c9da4bd72a7019cbb75651da73\n    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-user_6.0.18-0ubuntu6.1_all.deb\n      Size/MD5:    20520 ea5e54c91e7055e281d61e63f0e140f2\n    http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu6.1_all.deb\n      Size/MD5:    24952 ec80f910d6c8e606c090ba8dd737bc4c\n\n\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201206-24\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: Apache Tomcat: Multiple vulnerabilities\n     Date: June 24, 2012\n     Bugs: #272566, #273662, #303719, #320963, #329937, #373987,\n           #374619, #382043, #386213, #396401, #399227\n       ID: 201206-24\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities were found in Apache Tomcat, the worst of\nwhich allowing to read, modify and overwrite arbitrary files. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  www-servers/tomcat          *\u003c 5.5.34                 *\u003e= 6.0.35\n                                 *\u003c 6.0.35                  \u003e= 7.0.23\n                                  \u003c 7.0.23\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Apache Tomcat. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n======\n\nThe vulnerabilities allow an attacker to cause a Denial of Service, to\nhijack a session, to bypass authentication, to inject webscript, to\nenumerate valid usernames, to read, modify and overwrite arbitrary\nfiles, to bypass intended access restrictions, to delete work-directory\nfiles, to discover the server\u0027s hostname or IP, to bypass read\npermissions for files or HTTP headers, to read or write files outside\nof the intended working directory, and to obtain sensitive information\nby reading a log file. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Apache Tomcat 6.0.x users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=www-servers/tomcat-6.0.35\"\n\nAll Apache Tomcat 7.0.x users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=www-servers/tomcat-7.0.23\"\n\nReferences\n==========\n\n[  1 ] CVE-2008-5515\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5515\n[  2 ] CVE-2009-0033\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0033\n[  3 ] CVE-2009-0580\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0580\n[  4 ] CVE-2009-0781\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0781\n[  5 ] CVE-2009-0783\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0783\n[  6 ] CVE-2009-2693\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2693\n[  7 ] CVE-2009-2901\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2901\n[  8 ] CVE-2009-2902\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2902\n[  9 ] CVE-2010-1157\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1157\n[ 10 ] CVE-2010-2227\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2227\n[ 11 ] CVE-2010-3718\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3718\n[ 12 ] CVE-2010-4172\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4172\n[ 13 ] CVE-2010-4312\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4312\n[ 14 ] CVE-2011-0013\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0013\n[ 15 ] CVE-2011-0534\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0534\n[ 16 ] CVE-2011-1088\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1088\n[ 17 ] CVE-2011-1183\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1183\n[ 18 ] CVE-2011-1184\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1184\n[ 19 ] CVE-2011-1419\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1419\n[ 20 ] CVE-2011-1475\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1475\n[ 21 ] CVE-2011-1582\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1582\n[ 22 ] CVE-2011-2204\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2204\n[ 23 ] CVE-2011-2481\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2481\n[ 24 ] CVE-2011-2526\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2526\n[ 25 ] CVE-2011-2729\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2729\n[ 26 ] CVE-2011-3190\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3190\n[ 27 ] CVE-2011-3375\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3375\n[ 28 ] CVE-2011-4858\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4858\n[ 29 ] CVE-2011-5062\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5062\n[ 30 ] CVE-2011-5063\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5063\n[ 31 ] CVE-2011-5064\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5064\n[ 32 ] CVE-2012-0022\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0022\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201206-24.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2012 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. \n \n The calendar application in the examples web application contains an\n XSS flaw due to invalid HTML which renders the XSS filtering protection\n ineffective (CVE-2009-0781). \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5515\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0033\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0580\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0781\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0783\n http://tomcat.apache.org/security-5.html\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Enterprise Server 5:\n eeaa9d6a2b616db100f1e206bb06b2d6  mes5/i586/tomcat5-5.5.27-0.3.0.2mdvmes5.noarch.rpm\n a641e0f379b1c37a1475b8528a6d8ecf  mes5/i586/tomcat5-admin-webapps-5.5.27-0.3.0.2mdvmes5.noarch.rpm\n 743727d3628613d6968850ffd1ae092d  mes5/i586/tomcat5-common-lib-5.5.27-0.3.0.2mdvmes5.noarch.rpm\n c9e66f0251d48d08f1df2dbca1973aad  mes5/i586/tomcat5-jasper-5.5.27-0.3.0.2mdvmes5.noarch.rpm\n 0fcaf3a02861505fd8afec7c94344b34  mes5/i586/tomcat5-jasper-eclipse-5.5.27-0.3.0.2mdvmes5.noarch.rpm\n 6b013f381aad7eec77f82021fa897bb1  mes5/i586/tomcat5-jasper-javadoc-5.5.27-0.3.0.2mdvmes5.noarch.rpm\n 56a14766bd5d56beaf05914442329b8e  mes5/i586/tomcat5-jsp-2.0-api-5.5.27-0.3.0.2mdvmes5.noarch.rpm\n 6244961329d56d9854c27fb643180af7  mes5/i586/tomcat5-jsp-2.0-api-javadoc-5.5.27-0.3.0.2mdvmes5.noarch.rpm\n 389011360b165d51ed7bb760aed77fef  mes5/i586/tomcat5-server-lib-5.5.27-0.3.0.2mdvmes5.noarch.rpm\n 644fdfef4854b94a6a645b4a5df19430  mes5/i586/tomcat5-servlet-2.4-api-5.5.27-0.3.0.2mdvmes5.noarch.rpm\n 69601123fe318d20c8e050fb294563a4  mes5/i586/tomcat5-servlet-2.4-api-javadoc-5.5.27-0.3.0.2mdvmes5.noarch.rpm\n 19cbeea920983a8ba6a9f739c13f1162  mes5/i586/tomcat5-webapps-5.5.27-0.3.0.2mdvmes5.noarch.rpm \n 30f1fc3e67154e56ba2fe78c7f17cf02  mes5/SRPMS/tomcat5-5.5.27-0.3.0.2mdvmes5.src.rpm\n\n Mandriva Enterprise Server 5/X86_64:\n c25b7d09498779d75041bc7f613130a0  mes5/x86_64/tomcat5-5.5.27-0.3.0.2mdvmes5.noarch.rpm\n d7674924e3c8b7c84e5024869c1b69a3  mes5/x86_64/tomcat5-admin-webapps-5.5.27-0.3.0.2mdvmes5.noarch.rpm\n 84d805f41359b28390638787cfc06d12  mes5/x86_64/tomcat5-common-lib-5.5.27-0.3.0.2mdvmes5.noarch.rpm\n 8d7ed6ceffa3cc3f03a8a7abd05c470b  mes5/x86_64/tomcat5-jasper-5.5.27-0.3.0.2mdvmes5.noarch.rpm\n 4f1b9387b5c5e77fcac86104815ae33a  mes5/x86_64/tomcat5-jasper-eclipse-5.5.27-0.3.0.2mdvmes5.noarch.rpm\n 23350f016f88897bd966721c156c7c73  mes5/x86_64/tomcat5-jasper-javadoc-5.5.27-0.3.0.2mdvmes5.noarch.rpm\n 0e187a53ffadf553705425de115e48e6  mes5/x86_64/tomcat5-jsp-2.0-api-5.5.27-0.3.0.2mdvmes5.noarch.rpm\n 50b42a84acf2b2d989655c2f7dd5ae1f  mes5/x86_64/tomcat5-jsp-2.0-api-javadoc-5.5.27-0.3.0.2mdvmes5.noarch.rpm\n 16ca5f053c9221b48aea5e73ce7b6a06  mes5/x86_64/tomcat5-server-lib-5.5.27-0.3.0.2mdvmes5.noarch.rpm\n cf3d9d6d4cc876aef1fcbbf1b7d53950  mes5/x86_64/tomcat5-servlet-2.4-api-5.5.27-0.3.0.2mdvmes5.noarch.rpm\n 32f514581f311783fc5a673231558567  mes5/x86_64/tomcat5-servlet-2.4-api-javadoc-5.5.27-0.3.0.2mdvmes5.noarch.rpm\n d21b39762b5a108dacdaf58a91ce5dac  mes5/x86_64/tomcat5-webapps-5.5.27-0.3.0.2mdvmes5.noarch.rpm \n 30f1fc3e67154e56ba2fe78c7f17cf02  mes5/SRPMS/tomcat5-5.5.27-0.3.0.2mdvmes5.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niD4DBQFKbyKZmqjQ0CJFipgRAsjOAJ46WIT6KshXhK11pw/dmFR3Vuz5OQCYzzQM\n8kHZGORcpqDWK1qWCdiY9A==\n=XhQl\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. \n\nReferences: CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-0783",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2008-5515"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-000036"
      },
      {
        "db": "BID",
        "id": "35263"
      },
      {
        "db": "VULMON",
        "id": "CVE-2008-5515"
      },
      {
        "db": "PACKETSTORM",
        "id": "121037"
      },
      {
        "db": "PACKETSTORM",
        "id": "96122"
      },
      {
        "db": "PACKETSTORM",
        "id": "78409"
      },
      {
        "db": "PACKETSTORM",
        "id": "114139"
      },
      {
        "db": "PACKETSTORM",
        "id": "79715"
      },
      {
        "db": "PACKETSTORM",
        "id": "82165"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2008-5515",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "35263",
        "trust": 2.8
      },
      {
        "db": "JVN",
        "id": "JVN63832775",
        "trust": 2.5
      },
      {
        "db": "VUPEN",
        "id": "ADV-2009-1520",
        "trust": 2.4
      },
      {
        "db": "SECUNIA",
        "id": "44183",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "35685",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "35393",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "37460",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "39317",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "42368",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "35788",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-3056",
        "trust": 1.6
      },
      {
        "db": "VUPEN",
        "id": "ADV-2009-1535",
        "trust": 1.6
      },
      {
        "db": "VUPEN",
        "id": "ADV-2009-1856",
        "trust": 1.6
      },
      {
        "db": "VUPEN",
        "id": "ADV-2009-3316",
        "trust": 1.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-000036",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200906-265",
        "trust": 0.6
      },
      {
        "db": "VUPEN",
        "id": "2009/1856",
        "trust": 0.1
      },
      {
        "db": "VUPEN",
        "id": "2009/3316",
        "trust": 0.1
      },
      {
        "db": "VUPEN",
        "id": "2009/1520",
        "trust": 0.1
      },
      {
        "db": "VUPEN",
        "id": "2010/3056",
        "trust": 0.1
      },
      {
        "db": "VUPEN",
        "id": "2009/1535",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2008-5515",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "121037",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "96122",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "78409",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "114139",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "79715",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "82165",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2008-5515"
      },
      {
        "db": "BID",
        "id": "35263"
      },
      {
        "db": "PACKETSTORM",
        "id": "121037"
      },
      {
        "db": "PACKETSTORM",
        "id": "96122"
      },
      {
        "db": "PACKETSTORM",
        "id": "78409"
      },
      {
        "db": "PACKETSTORM",
        "id": "114139"
      },
      {
        "db": "PACKETSTORM",
        "id": "79715"
      },
      {
        "db": "PACKETSTORM",
        "id": "82165"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200906-265"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-000036"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-5515"
      }
    ]
  },
  "id": "VAR-200906-0603",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.16519225
  },
  "last_update_date": "2025-12-22T21:25:48.841000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Security Updates",
        "trust": 0.8,
        "url": "http://tomcat.apache.org/security"
      },
      {
        "title": "Apache Tomcat 6.x vulnerabilities",
        "trust": 0.8,
        "url": "http://tomcat.apache.org/security-6.html"
      },
      {
        "title": "Apache Tomcat 5.x vulnerabilities",
        "trust": 0.8,
        "url": "http://tomcat.apache.org/security-5.html"
      },
      {
        "title": "Apache Tomcat 4.x vulnerabilities",
        "trust": 0.8,
        "url": "http://tomcat.apache.org/security-4.html"
      },
      {
        "title": "HT4077",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT4077"
      },
      {
        "title": "tomcat5-5.5.23-0jpp.7.2.1AXS3",
        "trust": 0.8,
        "url": "https://tsn.miraclelinux.com/tsn_local/index.php?m=errata\u0026a=detail\u0026eid=725"
      },
      {
        "title": "JVN#63832775",
        "trust": 0.8,
        "url": "http://software.fujitsu.com/jp/security/vulnerabilities/jvn-63832775.html"
      },
      {
        "title": "interstage-200902",
        "trust": 0.8,
        "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html"
      },
      {
        "title": "HPUXWSATW313",
        "trust": 0.8,
        "url": "https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=HPUXWSATW313"
      },
      {
        "title": "HPSBUX02579",
        "trust": 0.8,
        "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02515878"
      },
      {
        "title": "HPSBUX02466",
        "trust": 0.8,
        "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01908935"
      },
      {
        "title": "1794",
        "trust": 0.8,
        "url": "http://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=1794"
      },
      {
        "title": "NV09-008",
        "trust": 0.8,
        "url": "http://www.nec.co.jp/security-info/secinfo/nv09-008.html"
      },
      {
        "title": "RHSA-2009:1164",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/RHSA-2009-1164.html"
      },
      {
        "title": "Multiple vulnerabilities in Oracle Java Web Console",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_oracle_java1"
      },
      {
        "title": "263529",
        "trust": 0.8,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-263529-1"
      },
      {
        "title": "VMSA-2009-0016",
        "trust": 0.8,
        "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
      },
      {
        "title": "Red Hat: Important: JBoss Enterprise Application Platform 4.3.0.CP05 update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20091145 - Security Advisory"
      },
      {
        "title": "Red Hat: Important: tomcat security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20091164 - Security Advisory"
      },
      {
        "title": "Ubuntu Security Notice: tomcat6 vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-788-1"
      },
      {
        "title": "Debian CVElist Bug Report Logs: CVE-2009-0033 CVE-2009-0580 CVE-2009-0783 CVE-2009-0781: Apache Tomcat 6 Multiple Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=ac49c4dcad19730a5b7d72eba69e3550"
      },
      {
        "title": "Debian CVElist Bug Report Logs: CVE-2009-0033 CVE-2009-0580 CVE-2009-0783 CVE-2009-0781: Apache Tomcat 5 Multiple Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=b4688be3241a5693241135af6523bb48"
      },
      {
        "title": "Symantec Security Advisories: SA66 : Multiple Tomcat vulnerabilities in IntelligenceCenter",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=ce6312b51b7767e26422e4b3dbf8f5cd"
      },
      {
        "title": "VMware Security Advisories: VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components.",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories\u0026qid=4675848a694e2124743f676a2c827ef7"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2008-5515"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-000036"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-22",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-200",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-000036"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-5515"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.2,
        "url": "http://www.securityfocus.com/bid/35263"
      },
      {
        "trust": 2.5,
        "url": "http://www.vupen.com/english/advisories/2009/1520"
      },
      {
        "trust": 2.3,
        "url": "http://www.vmware.com/security/advisories/vmsa-2009-0016.html"
      },
      {
        "trust": 2.3,
        "url": "http://www.debian.org/security/2011/dsa-2207"
      },
      {
        "trust": 2.1,
        "url": "http://tomcat.apache.org/security-5.html"
      },
      {
        "trust": 2.0,
        "url": "http://tomcat.apache.org/security-4.html"
      },
      {
        "trust": 2.0,
        "url": "http://tomcat.apache.org/security-6.html"
      },
      {
        "trust": 2.0,
        "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html"
      },
      {
        "trust": 1.7,
        "url": "http://jvn.jp/en/jp/jvn63832775/index.html"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/35393"
      },
      {
        "trust": 1.7,
        "url": "http://www.vupen.com/english/advisories/2009/1535"
      },
      {
        "trust": 1.7,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2009:138"
      },
      {
        "trust": 1.7,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2009:136"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/35685"
      },
      {
        "trust": 1.7,
        "url": "http://www.vupen.com/english/advisories/2009/1856"
      },
      {
        "trust": 1.7,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/35788"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/37460"
      },
      {
        "trust": 1.7,
        "url": "https://www.redhat.com/archives/fedora-package-announce/2009-november/msg01156.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.redhat.com/archives/fedora-package-announce/2009-november/msg01246.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.redhat.com/archives/fedora-package-announce/2009-november/msg01216.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.vupen.com/english/advisories/2009/3316"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2010//mar/msg00001.html"
      },
      {
        "trust": 1.7,
        "url": "http://support.apple.com/kb/ht4077"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/39317"
      },
      {
        "trust": 1.7,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2010:176"
      },
      {
        "trust": 1.7,
        "url": "http://marc.info/?l=bugtraq\u0026m=129070310906557\u0026w=2"
      },
      {
        "trust": 1.7,
        "url": "http://www.vupen.com/english/advisories/2010/3056"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/42368"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/44183"
      },
      {
        "trust": 1.7,
        "url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2"
      },
      {
        "trust": 1.7,
        "url": "http://marc.info/?l=bugtraq\u0026m=127420533226623\u0026w=2"
      },
      {
        "trust": 1.7,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a6445"
      },
      {
        "trust": 1.7,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a19452"
      },
      {
        "trust": 1.7,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10422"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/archive/1/504202/100/0/threaded"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/archive/1/504170/100/0/threaded"
      },
      {
        "trust": 1.6,
        "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 1.6,
        "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 1.6,
        "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 1.6,
        "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 1.6,
        "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 1.6,
        "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 1.6,
        "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-5515"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/en/jp/jvn63832775/index.html "
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-5515"
      },
      {
        "trust": 0.7,
        "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 0.7,
        "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 0.7,
        "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 0.7,
        "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-5515"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0033"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0580"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0781"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0783"
      },
      {
        "trust": 0.3,
        "url": "http://jakarta.apache.org/tomcat/"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/504170"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/504202"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/507985"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-263529-1"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27012048"
      },
      {
        "trust": 0.3,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01908935"
      },
      {
        "trust": 0.3,
        "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c02515878"
      },
      {
        "trust": 0.3,
        "url": "http://h20566.www2.hp.com/portal/site/hpsc/template.page/public/kb/docdisplay/?javax.portlet.endcachetok=com.vignette.cachetoken\u0026javax.portlet.prp_ba847bafb2a2d782fcbb0710b053ce01=wsrp-navigationalsta"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24025919"
      },
      {
        "trust": 0.3,
        "url": "https://kb.bluecoat.com/index?page=content\u0026id=sa66"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2009-1164.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2009-1506.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.blackberry.com/btsc/dynamickc.do?externalid=kb25966\u0026sliceid=1\u0026command=show\u0026forward=nonthreadedkc\u0026kcid=kb25966"
      },
      {
        "trust": 0.3,
        "url": "https://www.hp.com/go/swa"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2204"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2526"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2902"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3718"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4858"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3190"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2693"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2227"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1184"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0013"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1157"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2729"
      },
      {
        "trust": 0.2,
        "url": "http://software.hp.com"
      },
      {
        "trust": 0.2,
        "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
      },
      {
        "trust": 0.2,
        "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
      },
      {
        "trust": 0.2,
        "url": "http://h30046.www3.hp.com/subsignin.php"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/22.html"
      },
      {
        "trust": 0.1,
        "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 0.1,
        "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 0.1,
        "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2009:1145"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/788-1/"
      },
      {
        "trust": 0.1,
        "url": "https://h20392.www2.hp.com/portal"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3548"
      },
      {
        "trust": 0.1,
        "url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
      },
      {
        "trust": 0.1,
        "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4476"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0022"
      },
      {
        "trust": 0.1,
        "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-5885"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-user_6.0.18-0ubuntu3.2_all.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-docs_6.0.18-0ubuntu3.2_all.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libservlet2.5-java_6.0.18-0ubuntu6.1_all.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu6.1.dsc"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-examples_6.0.18-0ubuntu6.1_all.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-docs_6.0.18-0ubuntu6.1_all.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu3.2_all.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-common_6.0.18-0ubuntu6.1_all.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu6.1.diff.gz"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-user_6.0.18-0ubuntu6.1_all.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libtomcat6-java_6.0.18-0ubuntu6.1_all.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu3.2.diff.gz"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18.orig.tar.gz"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu6.1_all.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-examples_6.0.18-0ubuntu3.2_all.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.18-0ubuntu3.2.dsc"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libtomcat6-java_6.0.18-0ubuntu3.2_all.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libservlet2.5-java-doc_6.0.18-0ubuntu6.1_all.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-common_6.0.18-0ubuntu3.2_all.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libservlet2.5-java_6.0.18-0ubuntu3.2_all.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-admin_6.0.18-0ubuntu6.1_all.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-admin_6.0.18-0ubuntu3.2_all.deb"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0783"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0033"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0781"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2729"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2902"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-5062"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0534"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1183"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3718"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1475"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0534"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0013"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-5063"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1582"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4172"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-5064"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4312"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1475"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1088"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0580"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2901"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2526"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1183"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1184"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2204"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0022"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3375"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2693"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1157"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4172"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1088"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2481"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4312"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4858"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2227"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2481"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5515"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2901"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3190"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1419"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3375"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/glsa/glsa-201206-24.xml"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1582"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1419"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0580"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0033"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0781"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/advisories"
      },
      {
        "trust": 0.1,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0783"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2008-5515"
      },
      {
        "db": "BID",
        "id": "35263"
      },
      {
        "db": "PACKETSTORM",
        "id": "121037"
      },
      {
        "db": "PACKETSTORM",
        "id": "96122"
      },
      {
        "db": "PACKETSTORM",
        "id": "78409"
      },
      {
        "db": "PACKETSTORM",
        "id": "114139"
      },
      {
        "db": "PACKETSTORM",
        "id": "79715"
      },
      {
        "db": "PACKETSTORM",
        "id": "82165"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200906-265"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-000036"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-5515"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2008-5515"
      },
      {
        "db": "BID",
        "id": "35263"
      },
      {
        "db": "PACKETSTORM",
        "id": "121037"
      },
      {
        "db": "PACKETSTORM",
        "id": "96122"
      },
      {
        "db": "PACKETSTORM",
        "id": "78409"
      },
      {
        "db": "PACKETSTORM",
        "id": "114139"
      },
      {
        "db": "PACKETSTORM",
        "id": "79715"
      },
      {
        "db": "PACKETSTORM",
        "id": "82165"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200906-265"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-000036"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-5515"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2009-06-16T00:00:00",
        "db": "VULMON",
        "id": "CVE-2008-5515"
      },
      {
        "date": "2009-06-08T00:00:00",
        "db": "BID",
        "id": "35263"
      },
      {
        "date": "2013-04-01T15:55:00",
        "db": "PACKETSTORM",
        "id": "121037"
      },
      {
        "date": "2010-11-27T18:01:33",
        "db": "PACKETSTORM",
        "id": "96122"
      },
      {
        "date": "2009-06-15T20:42:09",
        "db": "PACKETSTORM",
        "id": "78409"
      },
      {
        "date": "2012-06-24T23:54:31",
        "db": "PACKETSTORM",
        "id": "114139"
      },
      {
        "date": "2009-07-28T19:23:06",
        "db": "PACKETSTORM",
        "id": "79715"
      },
      {
        "date": "2009-10-23T18:16:10",
        "db": "PACKETSTORM",
        "id": "82165"
      },
      {
        "date": "2009-06-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200906-265"
      },
      {
        "date": "2009-06-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-000036"
      },
      {
        "date": "2009-06-16T21:00:00.313000",
        "db": "NVD",
        "id": "CVE-2008-5515"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-03-25T00:00:00",
        "db": "VULMON",
        "id": "CVE-2008-5515"
      },
      {
        "date": "2015-04-13T22:12:00",
        "db": "BID",
        "id": "35263"
      },
      {
        "date": "2023-02-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200906-265"
      },
      {
        "date": "2012-09-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-000036"
      },
      {
        "date": "2025-04-09T00:30:58.490000",
        "db": "NVD",
        "id": "CVE-2008-5515"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200906-265"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apache Tomcat information disclosure vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-000036"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "path traversal",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200906-265"
      }
    ],
    "trust": 0.6
  }
}

GHSA-9737-QMGC-HFR9

Vulnerability from github – Published: 2022-05-14 01:17 – Updated: 2024-02-21 19:56

Summary

Directory Traversal in Apache Tomcat

Details

Severity ?

5.3 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.tomcat:tomcat"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.1.0"
            },
            {
              "fixed": "4.1.40"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.tomcat:tomcat"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.5.0"
            },
            {
              "fixed": "5.5.28"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.tomcat:tomcat"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "6.0.0"
            },
            {
              "fixed": "6.0.20"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2008-5515"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-06-09T23:48:28Z",
    "nvd_published_at": "2009-06-16T21:00:00Z",
    "severity": "MODERATE"
  },
  "details": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.",
  "id": "GHSA-9737-qmgc-hfr9",
  "modified": "2024-02-21T19:56:16Z",
  "published": "2022-05-14T01:17:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5515"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/tomcat/commit/6b61911f94d6d8d49ee933c5f1882a7e7c336d2c"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/tomcat"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:10422"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:19452"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:6445"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html"
    },
    {
      "type": "WEB",
      "url": "http://jvn.jp/en/jp/JVN63832775/index.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=127420533226623\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=129070310906557\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT4077"
    },
    {
      "type": "WEB",
      "url": "http://tomcat.apache.org/security-4.html"
    },
    {
      "type": "WEB",
      "url": "http://tomcat.apache.org/security-5.html"
    },
    {
      "type": "WEB",
      "url": "http://tomcat.apache.org/security-6.html"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2011/dsa-2207"
    },
    {
      "type": "WEB",
      "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:136"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:138"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:176"
    },
    {
      "type": "WEB",
      "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Directory Traversal in Apache Tomcat"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2008-5515 (GCVE-0-2008-5515)

Description

Solution

Description

Solution

Description

Solution

Description

Solution

Description

Solution

CVSS 2.0 Base Metrics

Synopsis

Affected packages

Description

Impact

Workaround

Resolution

References

Availability

Concerns?

License

Tags

Sightings

Nomenclature