Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2015-7501 (GCVE-0-2015-7501)
Vulnerability from cvelistv5 – Published: 2017-11-09 00:00 – Updated: 2024-08-06 07:51
VLAI
EPSS
EUVD KEV
Summary
Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
28 references
Date Public
2015-11-06 00:00
EUVD KEV
Known Exploited Vulnerability - GCVE BCP-07 Compliant
KEV entry ID: b7d611b3-06a2-471c-a7b6-9875c4a93f2e
Exploited: Yes
Timestamps
First Seen: 2025-07-14
Asserted: 2025-07-14
Scope
Notes: Affected: Apache / Commons Collections library | Description: the system accepts serialized objects without verifying their origin or reliability allowing an attacker to send specially crafted payloads that are then deserialized and executed | Origin source: CERT Italia | Notes: https://www.acn.gov.it/portale/w/distribuzione-di-payload-malevoli-tramite-vulnerabilita-note
Evidence
Type: Csirt Report
Signal: Successful Exploitation
Confidence: 75%
Source: enisa-cnw-kev
Details
| Cwes | - |
|---|---|
| Euvd | EUVD-2022-3799 |
| Notes | https://www.acn.gov.it/portale/w/distribuzione-di-payload-malevoli-tramite-vulnerabilita-note |
| Catalog | ENISA / EU CSIRTs Network (CNW) KEV CSV |
| Product | Commons Collections library |
| Datereported | 14/07/25 |
| Originsource | CERT Italia |
| Vendorproject | Apache |
| Exploitationtype | - |
| Vulnerabilityname | - |
| Threatactorsexploiting | - |
References
Created: 2026-02-02 13:23 UTC
| Updated: 2026-02-06 07:53 UTC
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:51:28.224Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2016:0040",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0040.html"
},
{
"name": "RHSA-2015:2670",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2670.html"
},
{
"name": "RHSA-2015:2501",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2501.html"
},
{
"name": "RHSA-2015:2517",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2517.html"
},
{
"name": "78215",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/78215"
},
{
"name": "1034097",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034097"
},
{
"name": "RHSA-2015:2671",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2671.html"
},
{
"name": "1037052",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037052"
},
{
"name": "1037640",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037640"
},
{
"name": "RHSA-2015:2522",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2522.html"
},
{
"name": "RHSA-2015:2521",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2521.html"
},
{
"name": "RHSA-2015:2516",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2516.html"
},
{
"name": "RHSA-2015:2500",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2500.html"
},
{
"name": "RHSA-2015:2514",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2514.html"
},
{
"name": "RHSA-2015:2502",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2502.html"
},
{
"name": "RHSA-2015:2536",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2015-2536.html"
},
{
"name": "RHSA-2016:1773",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1773.html"
},
{
"name": "RHSA-2015:2524",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2524.html"
},
{
"name": "1037053",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037053"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1279330"
},
{
"tags": [
"x_transferred"
],
"url": "https://access.redhat.com/solutions/2045023"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://access.redhat.com/security/vulnerabilities/2059393"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240216-0010/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-11-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-16T13:06:08.221Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2016:0040",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0040.html"
},
{
"name": "RHSA-2015:2670",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2670.html"
},
{
"name": "RHSA-2015:2501",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2501.html"
},
{
"name": "RHSA-2015:2517",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2517.html"
},
{
"name": "78215",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/78215"
},
{
"name": "1034097",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1034097"
},
{
"name": "RHSA-2015:2671",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2671.html"
},
{
"name": "1037052",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1037052"
},
{
"name": "1037640",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1037640"
},
{
"name": "RHSA-2015:2522",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2522.html"
},
{
"name": "RHSA-2015:2521",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2521.html"
},
{
"name": "RHSA-2015:2516",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2516.html"
},
{
"name": "RHSA-2015:2500",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2500.html"
},
{
"name": "RHSA-2015:2514",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2514.html"
},
{
"name": "RHSA-2015:2502",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2502.html"
},
{
"name": "RHSA-2015:2536",
"tags": [
"vendor-advisory"
],
"url": "https://rhn.redhat.com/errata/RHSA-2015-2536.html"
},
{
"name": "RHSA-2016:1773",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1773.html"
},
{
"name": "RHSA-2015:2524",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2524.html"
},
{
"name": "1037053",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1037053"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1279330"
},
{
"url": "https://access.redhat.com/solutions/2045023"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"url": "https://access.redhat.com/security/vulnerabilities/2059393"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240216-0010/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-7501",
"datePublished": "2017-11-09T00:00:00.000Z",
"dateReserved": "2015-09-29T00:00:00.000Z",
"dateUpdated": "2024-08-06T07:51:28.224Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"cnw_known_exploited": {
"CVE": "CVE-2015-7501",
"EUVD": "EUVD-2022-3799",
"cwes": "-",
"dateReported": "14/07/25",
"exploitationType": "-",
"notes": "https://www.acn.gov.it/portale/w/distribuzione-di-payload-malevoli-tramite-vulnerabilita-note",
"originSource": "CERT Italia",
"product": "Commons Collections library",
"shortDescription": "the system accepts serialized objects without verifying their origin or reliability allowing an attacker to send specially crafted payloads that are then deserialized and executed",
"threatActorsExploiting": "-",
"vendorProject": "Apache",
"vulnerabilityName": "-"
},
"epss": {
"cve": "CVE-2015-7501",
"date": "2026-05-30",
"epss": "0.71461",
"percentile": "0.98749"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2015-7501\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2017-11-09T17:29:00.203\",\"lastModified\":\"2026-05-13T00:24:29.033\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.\"},{\"lang\":\"es\",\"value\":\"Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x y 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x y 5.x; Enterprise Application Platform 6.x, 5.x y 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x y Red Hat Subscription Asset Manager 1.3 permiten que atacantes remotos ejecuten comandos arbitrarios mediante un objeto Java serializado manipulado. Esto est\u00e1 relacionado con la librer\u00eda ACC (Apache Commons Collections).\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":true,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-502\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:data_grid:6.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D90858CA-996D-4A07-A57A-5E228BBED442\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_a-mq:6.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33C4404A-CFB7-4B47-9487-F998825C31CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_bpm_suite:6.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7750C45E-4D02-45D5-A3AA-CF024C20AC8D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_data_virtualization:5.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3257F51A-C847-4251-8B1B-D8DEF11677A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_data_virtualization:6.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5CDDAFDB-E67A-4795-B2C4-C2D31734ABC8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E82B2AD8-967D-4ABE-982B-87B9DE73F8D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F5D7F1AD-4BD3-4C37-B6B5-B287464B2EEB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B142ACCC-F7A9-4A3B-BE60-0D6691D5058D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_brms_platform:5.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9CDC2527-97FE-409D-8DD6-78E085CC73C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_brms_platform:6.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA0930C5-C483-414C-879D-029FDE8251C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_soa_platform:5.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DFB8FED0-E0C6-409C-A2D8-B3999265D545\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_web_server:3.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E2F2F98-DB90-43F6-8F28-3656207B6188\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_fuse:6.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A305F012-544E-4245-9D69-1C8CD37748B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_fuse_service_works:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B78438D-1321-4BF4-AEB1-DAF60D589530\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_operations_network:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C077D692-150C-4AE9-8C0B-7A3EA5EB1100\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_portal:6.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5C01A82-F078-4D08-93D0-6318272D3D8F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift:3.0:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"45690263-84D9-45A1-8C30-3ED2F0F11F47\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:subscription_asset_manager:1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6047BC2A-5EDB-458F-BBDB-38C0C3CF4E7C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:xpaas:3.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F58B1F3C-C27D-4387-9164-C3E2E0960A2A\"}]}]}],\"references\":[{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-2500.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-2501.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-2502.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-2514.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-2516.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-2517.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-2521.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-2522.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-2524.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-2670.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-2671.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-0040.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-1773.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/78215\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1034097\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1037052\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1037053\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1037640\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/security/vulnerabilities/2059393\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/solutions/2045023\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1279330\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\",\"VDB Entry\",\"Vendor Advisory\"]},{\"url\":\"https://rhn.redhat.com/errata/RHSA-2015-2536.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20240216-0010/\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2020.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-2500.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-2501.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-2502.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-2514.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-2516.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-2517.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-2521.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-2522.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-2524.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-2670.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-2671.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-0040.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-1773.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/78215\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1034097\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1037052\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1037053\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1037640\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/security/vulnerabilities/2059393\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/solutions/2045023\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1279330\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\",\"VDB Entry\",\"Vendor Advisory\"]},{\"url\":\"https://rhn.redhat.com/errata/RHSA-2015-2536.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20240216-0010/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
RHSA-2016:0040
Vulnerability from csaf_redhat - Published: 2016-01-14 18:34 - Updated: 2026-05-14 22:18Summary
Red Hat Security Advisory: Red Hat JBoss Operations Network 3.1.2 Hotfix 11 update
Severity
Critical
Notes
Topic: An update for Red Hat JBoss Operations Network 3.1.2 that fixes one
security issue is now available from the Red Hat Customer Portal.
Red Hat Product Security has rated this update as having Critical security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.
Details: JBoss Operations Network provides an integrated solution for managing
JBoss middleware, other network infrastructure, and applications built
on Red Hat Enterprise Application Platform (EAP). The Apache Commons
Collections library provides new interfaces, implementations, and
utilities to extend the features of the Java Collections Framework.
It was found that the Apache commons-collections library permitted code
execution when deserializing objects involving a specially constructed
chain of classes. A remote attacker could use this flaw to execute
arbitrary code with the permissions of the application using the
commons-collections library. (CVE-2015-7501)
Further information about this security flaw may be found at:
https://access.redhat.com/solutions/2045023
All users of JBoss Operations Network 3.1.2 as provided from the Red Hat
Customer Portal are advised to apply this update. This patch supersedes
the 3.2.1 Hotfix 10.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.
7.5 ()
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Operations Network 3.1
Red Hat / Red Hat JBoss Operations Network
|
cpe:/a:redhat:jboss_operations_network:3.1.2
|
— |
Vendor Fix
fix
|
Threats
Impact
Critical
References
11 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Red Hat JBoss Operations Network 3.1.2 that fixes one\nsecurity issue is now available from the Red Hat Customer Portal.\n\nRed Hat Product Security has rated this update as having Critical security\nimpact. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available from the CVE link in the\nReferences section.",
"title": "Topic"
},
{
"category": "general",
"text": "JBoss Operations Network provides an integrated solution for managing\nJBoss middleware, other network infrastructure, and applications built\non Red Hat Enterprise Application Platform (EAP). The Apache Commons\nCollections library provides new interfaces, implementations, and\nutilities to extend the features of the Java Collections Framework.\n\nIt was found that the Apache commons-collections library permitted code\nexecution when deserializing objects involving a specially constructed\nchain of classes. A remote attacker could use this flaw to execute\narbitrary code with the permissions of the application using the\ncommons-collections library. (CVE-2015-7501)\n\nFurther information about this security flaw may be found at:\nhttps://access.redhat.com/solutions/2045023\n\nAll users of JBoss Operations Network 3.1.2 as provided from the Red Hat\nCustomer Portal are advised to apply this update. This patch supersedes\nthe 3.2.1 Hotfix 10.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2016:0040",
"url": "https://access.redhat.com/errata/RHSA-2016:0040"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=em\u0026downloadType=securityPatches\u0026version=3.1.2",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=em\u0026downloadType=securityPatches\u0026version=3.1.2"
},
{
"category": "external",
"summary": "1279330",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1279330"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_0040.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Operations Network 3.1.2 Hotfix 11 update",
"tracking": {
"current_release_date": "2026-05-14T22:18:34+00:00",
"generator": {
"date": "2026-05-14T22:18:34+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2016:0040",
"initial_release_date": "2016-01-14T18:34:55+00:00",
"revision_history": [
{
"date": "2016-01-14T18:34:55+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-02-20T12:36:06+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-14T22:18:34+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Operations Network 3.1",
"product": {
"name": "Red Hat JBoss Operations Network 3.1",
"product_id": "Red Hat JBoss Operations Network 3.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_operations_network:3.1.2"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Operations Network"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-7501",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2015-11-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1279330"
}
],
"notes": [
{
"category": "description",
"text": "It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-commons-collections: InvokerTransformer code execution during deserialisation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the Apache commons-collections library as shipped with Fuse 6.2.0 and A-MQ 6.2.0. However, this flaw is not known to be exploitable under supported scenarios in these product versions, and so has been assigned an impact of Important for these products and their respective errata.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Operations Network 3.1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-7501"
},
{
"category": "external",
"summary": "RHBZ#1279330",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1279330"
},
{
"category": "external",
"summary": "RHSB-2045023",
"url": "https://access.redhat.com/solutions/2045023"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-7501",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7501"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-7501",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7501"
},
{
"category": "external",
"summary": "http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/",
"url": "http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/"
}
],
"release_date": "2015-11-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-01-14T18:34:55+00:00",
"details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting JBoss Operations Network installation (including its databases,\napplications, configuration files, the JBoss Operations Network server\u0027s\nfile system directory, and so on).\n\nNote: This update provides fixes for the server, agent, and core GUI\ncomponents of Red Hat JBoss Operations Network. It is recommended to apply\nall the patches provided by this update.",
"product_ids": [
"Red Hat JBoss Operations Network 3.1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0040"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"Red Hat JBoss Operations Network 3.1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "apache-commons-collections: InvokerTransformer code execution during deserialisation"
}
]
}
RHSA-2016:0118
Vulnerability from csaf_redhat - Published: 2016-02-03 15:00 - Updated: 2026-05-14 22:18Summary
Red Hat Security Advisory: Red Hat JBoss Operations Network 3.3.5 update
Severity
Critical
Notes
Topic: Red Hat JBoss Operations Network 3.3 update 5, which fixes two security
issues and several bugs, is now available from the Red Hat Customer Portal.
Red Hat Product Security has rated this update as having Critical security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.
Details: Red Hat JBoss Operations Network is a Middleware management solution that
provides a single point of control to deploy, manage, and monitor JBoss
Enterprise Middleware, applications, and services.
This JBoss Operations Network 3.3.5 release serves as a replacement for
JBoss Operations Network 3.3.4, and includes several bug fixes. Refer to
the Customer Portal page linked in the References section for information
on the most significant of these changes.
The following security issues are also fixed with this release:
It was found that the Apache commons-collections library permitted code
execution when deserializing objects involving a specially constructed
chain of classes. A remote attacker could use this flaw to execute
arbitrary code with the permissions of the application using the commons-
collections library. (CVE-2015-7501)
A flaw was discovered in the way applications using Groovy used the
standard Java serialization mechanism. A remote attacker could use a
specially crafted serialized object that would execute code directly
when deserialized. All applications which rely on serialization and do
not isolate the code which deserializes objects are subject to this
vulnerability. (CVE-2015-3253)
All users of JBoss Operations Network 3.3.4 as provided from the Red Hat
Customer Portal are advised to upgrade to JBoss Operations Network 3.3.5.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was discovered in the way applications using Groovy used the standard Java serialization mechanism. A remote attacker could use a specially crafted serialized object that would execute code directly when deserialized. All applications which rely on serialization and do not isolate the code which deserializes objects are subject to this vulnerability.
9.6 (Critical)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Operations Network 3.3
Red Hat / Red Hat JBoss Operations Network
|
cpe:/a:redhat:jboss_operations_network:3.3
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.
7.5 ()
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Operations Network 3.3
Red Hat / Red Hat JBoss Operations Network
|
cpe:/a:redhat:jboss_operations_network:3.3
|
— |
Vendor Fix
fix
|
Threats
Impact
Critical
References
30 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat JBoss Operations Network 3.3 update 5, which fixes two security\nissues and several bugs, is now available from the Red Hat Customer Portal.\n\nRed Hat Product Security has rated this update as having Critical security\nimpact. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available from the CVE link in the\nReferences section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Operations Network is a Middleware management solution that\nprovides a single point of control to deploy, manage, and monitor JBoss\nEnterprise Middleware, applications, and services.\n\nThis JBoss Operations Network 3.3.5 release serves as a replacement for\nJBoss Operations Network 3.3.4, and includes several bug fixes. Refer to\nthe Customer Portal page linked in the References section for information\non the most significant of these changes.\n\nThe following security issues are also fixed with this release:\n\nIt was found that the Apache commons-collections library permitted code\nexecution when deserializing objects involving a specially constructed\nchain of classes. A remote attacker could use this flaw to execute\narbitrary code with the permissions of the application using the commons-\ncollections library. (CVE-2015-7501)\n\nA flaw was discovered in the way applications using Groovy used the\nstandard Java serialization mechanism. A remote attacker could use a\nspecially crafted serialized object that would execute code directly\nwhen deserialized. All applications which rely on serialization and do\nnot isolate the code which deserializes objects are subject to this\nvulnerability. (CVE-2015-3253)\n\nAll users of JBoss Operations Network 3.3.4 as provided from the Red Hat\nCustomer Portal are advised to upgrade to JBoss Operations Network 3.3.5.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2016:0118",
"url": "https://access.redhat.com/errata/RHSA-2016:0118"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=em\u0026downloadType=securityPatches\u0026version=3.3",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=em\u0026downloadType=securityPatches\u0026version=3.3"
},
{
"category": "external",
"summary": "1158947",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1158947"
},
{
"category": "external",
"summary": "1187680",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1187680"
},
{
"category": "external",
"summary": "1203799",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1203799"
},
{
"category": "external",
"summary": "1206084",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1206084"
},
{
"category": "external",
"summary": "1231199",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1231199"
},
{
"category": "external",
"summary": "1234991",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1234991"
},
{
"category": "external",
"summary": "1243934",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1243934"
},
{
"category": "external",
"summary": "1255196",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1255196"
},
{
"category": "external",
"summary": "1261907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1261907"
},
{
"category": "external",
"summary": "1269420",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1269420"
},
{
"category": "external",
"summary": "1277389",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1277389"
},
{
"category": "external",
"summary": "1278215",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1278215"
},
{
"category": "external",
"summary": "1279330",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1279330"
},
{
"category": "external",
"summary": "1293350",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1293350"
},
{
"category": "external",
"summary": "1293368",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1293368"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_0118.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Operations Network 3.3.5 update",
"tracking": {
"current_release_date": "2026-05-14T22:18:34+00:00",
"generator": {
"date": "2026-05-14T22:18:34+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2016:0118",
"initial_release_date": "2016-02-03T15:00:55+00:00",
"revision_history": [
{
"date": "2016-02-03T15:00:55+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-02-20T12:37:30+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-14T22:18:34+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Operations Network 3.3",
"product": {
"name": "Red Hat JBoss Operations Network 3.3",
"product_id": "Red Hat JBoss Operations Network 3.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_operations_network:3.3"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Operations Network"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-3253",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2015-07-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1243934"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was discovered in the way applications using Groovy used the standard Java serialization mechanism. A remote attacker could use a specially crafted serialized object that would execute code directly when deserialized. All applications which rely on serialization and do not isolate the code which deserializes objects are subject to this vulnerability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "groovy: remote execution of untrusted code in class MethodClosure",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Operations Network 3.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-3253"
},
{
"category": "external",
"summary": "RHBZ#1243934",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1243934"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-3253",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3253"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-3253",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3253"
},
{
"category": "external",
"summary": "http://seclists.org/oss-sec/2015/q3/121",
"url": "http://seclists.org/oss-sec/2015/q3/121"
}
],
"release_date": "2015-07-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-02-03T15:00:55+00:00",
"details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting JBoss Operations Network installation (including its databases,\napplications, configuration files, the JBoss Operations Network server\u0027s\nfile system directory, and so on).\n\nRefer to the JBoss Operations Network 3.3.5 Release Notes for\ninstallation information.",
"product_ids": [
"Red Hat JBoss Operations Network 3.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0118"
},
{
"category": "workaround",
"details": "Apply the following patch on the MethodClosure class (src/main/org/codehaus/groovy/runtime/MethodClosure.java):\n\n public class MethodClosure extends Closure {\n + private Object readResolve() {\n + throw new UnsupportedOperationException();\n + \n }\n\nAlternatively, you should make sure to use a custom security policy file (using the standard Java security manager) or make sure that you do not rely on serialization to communicate remotely.",
"product_ids": [
"Red Hat JBoss Operations Network 3.3"
]
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"Red Hat JBoss Operations Network 3.3"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "groovy: remote execution of untrusted code in class MethodClosure"
},
{
"cve": "CVE-2015-7501",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2015-11-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1279330"
}
],
"notes": [
{
"category": "description",
"text": "It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-commons-collections: InvokerTransformer code execution during deserialisation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the Apache commons-collections library as shipped with Fuse 6.2.0 and A-MQ 6.2.0. However, this flaw is not known to be exploitable under supported scenarios in these product versions, and so has been assigned an impact of Important for these products and their respective errata.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Operations Network 3.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-7501"
},
{
"category": "external",
"summary": "RHBZ#1279330",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1279330"
},
{
"category": "external",
"summary": "RHSB-2045023",
"url": "https://access.redhat.com/solutions/2045023"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-7501",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7501"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-7501",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7501"
},
{
"category": "external",
"summary": "http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/",
"url": "http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/"
}
],
"release_date": "2015-11-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-02-03T15:00:55+00:00",
"details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting JBoss Operations Network installation (including its databases,\napplications, configuration files, the JBoss Operations Network server\u0027s\nfile system directory, and so on).\n\nRefer to the JBoss Operations Network 3.3.5 Release Notes for\ninstallation information.",
"product_ids": [
"Red Hat JBoss Operations Network 3.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:0118"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"Red Hat JBoss Operations Network 3.3"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "apache-commons-collections: InvokerTransformer code execution during deserialisation"
}
]
}
RHSA-2016:1773
Vulnerability from csaf_redhat - Published: 2016-08-24 19:41 - Updated: 2026-05-14 22:17Summary
Red Hat Security Advisory: Red Hat OpenShift Enterprise 2.2.10 security, bug fix, and enhancement update
Severity
Important
Notes
Topic: An update is now available for Red Hat OpenShift Enterprise 2.2.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details: OpenShift Enterprise by Red Hat is the company's cloud computing
Platform-as-a-Service (PaaS) solution designed for on-premise or
private cloud deployments.
* The Jenkins continuous integration server has been updated to upstream
version 1.651.2 LTS that addresses a large number of security issues,
including open redirects, a potential denial of service, unsafe handling of
user provided environment variables and several instances of sensitive
information disclosure. (CVE-2014-3577, CVE-2016-0788, CVE-2016-0789,
CVE-2016-0790, CVE-2016-0791, CVE-2016-0792, CVE-2016-3721, CVE-2016-3722,
CVE-2016-3723, CVE-2016-3724, CVE-2016-3725, CVE-2016-3726, CVE-2016-3727,
CVE-2015-7501)
Space precludes documenting all of the bug fixes and enhancements in this
advisory. See the OpenShift Enterprise Technical Notes, which will be
updated shortly for release 2.2.10, for details about these changes:
https://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/Technical_Notes/index.html
All OpenShift Enterprise 2 users are advised to upgrade to these updated
packages.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
It was found that the fix for CVE-2012-6153 was incomplete: the code added to check that the server hostname matches the domain name in a subject's Common Name (CN) field in X.509 certificates was flawed. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate.
4.8 (Medium)
Affected products
Fixed
68 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:ImageMagick-0:6.7.2.7-5.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:ImageMagick-debuginfo-0:6.7.2.7-5.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:ImageMagick-devel-0:6.7.2.7-5.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:ImageMagick-doc-0:6.7.2.7-5.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:ImageMagick-perl-0:6.7.2.7-5.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:libcgroup-0:0.40.rc1-18.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:libcgroup-debuginfo-0:0.40.rc1-18.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:libcgroup-pam-0:0.40.rc1-18.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.src | — |
Vendor Fix
fix
|
Threats
Impact
Important
It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.
7.5 ()
Affected products
Fixed
68 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:ImageMagick-0:6.7.2.7-5.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:ImageMagick-debuginfo-0:6.7.2.7-5.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:ImageMagick-devel-0:6.7.2.7-5.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:ImageMagick-doc-0:6.7.2.7-5.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:ImageMagick-perl-0:6.7.2.7-5.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:libcgroup-0:0.40.rc1-18.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:libcgroup-debuginfo-0:0.40.rc1-18.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:libcgroup-pam-0:0.40.rc1-18.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.src | — |
Vendor Fix
fix
|
Threats
Impact
Critical
The remoting module in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to execute arbitrary code by opening a JRMP listener.
7.5 ()
Affected products
Fixed
68 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:ImageMagick-0:6.7.2.7-5.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:ImageMagick-debuginfo-0:6.7.2.7-5.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:ImageMagick-devel-0:6.7.2.7-5.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:ImageMagick-doc-0:6.7.2.7-5.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:ImageMagick-perl-0:6.7.2.7-5.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:libcgroup-0:0.40.rc1-18.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:libcgroup-debuginfo-0:0.40.rc1-18.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:libcgroup-pam-0:0.40.rc1-18.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.src | — |
Vendor Fix
fix
|
Threats
Impact
Important
CRLF injection vulnerability in the CLI command documentation in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
5.5 ()
Affected products
Fixed
68 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:ImageMagick-0:6.7.2.7-5.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:ImageMagick-debuginfo-0:6.7.2.7-5.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:ImageMagick-devel-0:6.7.2.7-5.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:ImageMagick-doc-0:6.7.2.7-5.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:ImageMagick-perl-0:6.7.2.7-5.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:libcgroup-0:0.40.rc1-18.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:libcgroup-debuginfo-0:0.40.rc1-18.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:libcgroup-pam-0:0.40.rc1-18.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.src | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify API tokens, which makes it easier for remote attackers to determine API tokens via a brute-force approach.
5.1 ()
Affected products
Fixed
68 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:ImageMagick-0:6.7.2.7-5.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:ImageMagick-debuginfo-0:6.7.2.7-5.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:ImageMagick-devel-0:6.7.2.7-5.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:ImageMagick-doc-0:6.7.2.7-5.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:ImageMagick-perl-0:6.7.2.7-5.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:libcgroup-0:0.40.rc1-18.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:libcgroup-debuginfo-0:0.40.rc1-18.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:libcgroup-pam-0:0.40.rc1-18.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.src | — |
Vendor Fix
fix
|
Threats
Impact
Important
Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify CSRF tokens, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force approach.
3.6 ()
Affected products
Fixed
68 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:ImageMagick-0:6.7.2.7-5.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:ImageMagick-debuginfo-0:6.7.2.7-5.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:ImageMagick-devel-0:6.7.2.7-5.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:ImageMagick-doc-0:6.7.2.7-5.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:ImageMagick-perl-0:6.7.2.7-5.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:libcgroup-0:0.40.rc1-18.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:libcgroup-debuginfo-0:0.40.rc1-18.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:libcgroup-pam-0:0.40.rc1-18.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.src | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
Multiple unspecified API endpoints in Jenkins before 1.650 and LTS before 1.642.2 allow remote authenticated users to execute arbitrary code via serialized data in an XML file, related to XStream and groovy.util.Expando.
7.5 ()
Affected products
Fixed
68 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:ImageMagick-0:6.7.2.7-5.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:ImageMagick-debuginfo-0:6.7.2.7-5.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:ImageMagick-devel-0:6.7.2.7-5.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:ImageMagick-doc-0:6.7.2.7-5.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:ImageMagick-perl-0:6.7.2.7-5.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:libcgroup-0:0.40.rc1-18.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:libcgroup-debuginfo-0:0.40.rc1-18.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:libcgroup-pam-0:0.40.rc1-18.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.src | — |
Vendor Fix
fix
|
Threats
Impact
Important
Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables.
4.0 ()
Affected products
Fixed
68 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:ImageMagick-0:6.7.2.7-5.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:ImageMagick-debuginfo-0:6.7.2.7-5.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:ImageMagick-devel-0:6.7.2.7-5.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:ImageMagick-doc-0:6.7.2.7-5.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:ImageMagick-perl-0:6.7.2.7-5.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:libcgroup-0:0.40.rc1-18.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:libcgroup-debuginfo-0:0.40.rc1-18.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:libcgroup-pam-0:0.40.rc1-18.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.src | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with multiple accounts to cause a denial of service (unable to login) by editing the "full name."
3.5 ()
Affected products
Fixed
68 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:ImageMagick-0:6.7.2.7-5.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:ImageMagick-debuginfo-0:6.7.2.7-5.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:ImageMagick-devel-0:6.7.2.7-5.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:ImageMagick-doc-0:6.7.2.7-5.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:ImageMagick-perl-0:6.7.2.7-5.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:libcgroup-0:0.40.rc1-18.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:libcgroup-debuginfo-0:0.40.rc1-18.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:libcgroup-pam-0:0.40.rc1-18.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.src | — |
Vendor Fix
fix
|
Threats
Impact
Low
Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with read access to obtain sensitive plugin installation information by leveraging missing permissions checks in unspecified XML/JSON API endpoints.
5.0 ()
Affected products
Fixed
68 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:ImageMagick-0:6.7.2.7-5.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:ImageMagick-debuginfo-0:6.7.2.7-5.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:ImageMagick-devel-0:6.7.2.7-5.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:ImageMagick-doc-0:6.7.2.7-5.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:ImageMagick-perl-0:6.7.2.7-5.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:libcgroup-0:0.40.rc1-18.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:libcgroup-debuginfo-0:0.40.rc1-18.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:libcgroup-pam-0:0.40.rc1-18.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.src | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with extended read access to obtain sensitive password information by reading a job configuration.
4.0 ()
Affected products
Fixed
68 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:ImageMagick-0:6.7.2.7-5.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:ImageMagick-debuginfo-0:6.7.2.7-5.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:ImageMagick-devel-0:6.7.2.7-5.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:ImageMagick-doc-0:6.7.2.7-5.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:ImageMagick-perl-0:6.7.2.7-5.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:libcgroup-0:0.40.rc1-18.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:libcgroup-debuginfo-0:0.40.rc1-18.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:libcgroup-pam-0:0.40.rc1-18.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.src | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users to trigger updating of update site metadata by leveraging a missing permissions check. NOTE: this issue can be combined with DNS cache poisoning to cause a denial of service (service disruption).
3.5 ()
Affected products
Fixed
68 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:ImageMagick-0:6.7.2.7-5.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:ImageMagick-debuginfo-0:6.7.2.7-5.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:ImageMagick-devel-0:6.7.2.7-5.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:ImageMagick-doc-0:6.7.2.7-5.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:ImageMagick-perl-0:6.7.2.7-5.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:libcgroup-0:0.40.rc1-18.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:libcgroup-debuginfo-0:0.40.rc1-18.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:libcgroup-pam-0:0.40.rc1-18.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.src | — |
Vendor Fix
fix
|
Threats
Impact
Low
Multiple open redirect vulnerabilities in Jenkins before 2.3 and LTS before 1.651.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors related to "scheme-relative" URLs.
3.5 ()
Affected products
Fixed
68 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:ImageMagick-0:6.7.2.7-5.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:ImageMagick-debuginfo-0:6.7.2.7-5.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:ImageMagick-devel-0:6.7.2.7-5.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:ImageMagick-doc-0:6.7.2.7-5.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:ImageMagick-perl-0:6.7.2.7-5.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:libcgroup-0:0.40.rc1-18.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:libcgroup-debuginfo-0:0.40.rc1-18.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:libcgroup-pam-0:0.40.rc1-18.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.src | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
The API URL computer/(master)/api/xml in Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users with extended read permission for the master node to obtain sensitive information about the global configuration via unspecified vectors.
4.0 ()
Affected products
Fixed
68 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:ImageMagick-0:6.7.2.7-5.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:ImageMagick-debuginfo-0:6.7.2.7-5.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:ImageMagick-devel-0:6.7.2.7-5.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:ImageMagick-doc-0:6.7.2.7-5.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:ImageMagick-perl-0:6.7.2.7-5.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:libcgroup-0:0.40.rc1-18.el6_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:libcgroup-debuginfo-0:0.40.rc1-18.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:libcgroup-pam-0:0.40.rc1-18.el6_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.src | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
88 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat OpenShift Enterprise 2.2.\n\nRed Hat Product Security has rated this update as having a security impact \nof Important. A Common Vulnerability Scoring System (CVSS) base score, \nwhich gives a detailed severity rating, is available for each vulnerability \nfrom the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "OpenShift Enterprise by Red Hat is the company\u0027s cloud computing\nPlatform-as-a-Service (PaaS) solution designed for on-premise or\nprivate cloud deployments.\n\n* The Jenkins continuous integration server has been updated to upstream \nversion 1.651.2 LTS that addresses a large number of security issues, \nincluding open redirects, a potential denial of service, unsafe handling of\nuser provided environment variables and several instances of sensitive \ninformation disclosure. (CVE-2014-3577, CVE-2016-0788, CVE-2016-0789,\nCVE-2016-0790, CVE-2016-0791, CVE-2016-0792, CVE-2016-3721, CVE-2016-3722,\nCVE-2016-3723, CVE-2016-3724, CVE-2016-3725, CVE-2016-3726, CVE-2016-3727,\nCVE-2015-7501)\n\nSpace precludes documenting all of the bug fixes and enhancements in this \nadvisory. See the OpenShift Enterprise Technical Notes, which will be \nupdated shortly for release 2.2.10, for details about these changes:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/Technical_Notes/index.html\n\nAll OpenShift Enterprise 2 users are advised to upgrade to these updated \npackages.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2016:1773",
"url": "https://access.redhat.com/errata/RHSA-2016:1773"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1129074",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1129074"
},
{
"category": "external",
"summary": "1196783",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1196783"
},
{
"category": "external",
"summary": "1217403",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1217403"
},
{
"category": "external",
"summary": "1266239",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1266239"
},
{
"category": "external",
"summary": "1274852",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1274852"
},
{
"category": "external",
"summary": "1279330",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1279330"
},
{
"category": "external",
"summary": "1282852",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1282852"
},
{
"category": "external",
"summary": "1311722",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311722"
},
{
"category": "external",
"summary": "1311946",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311946"
},
{
"category": "external",
"summary": "1311947",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311947"
},
{
"category": "external",
"summary": "1311948",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311948"
},
{
"category": "external",
"summary": "1311949",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311949"
},
{
"category": "external",
"summary": "1311950",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311950"
},
{
"category": "external",
"summary": "1335415",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335415"
},
{
"category": "external",
"summary": "1335416",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335416"
},
{
"category": "external",
"summary": "1335417",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335417"
},
{
"category": "external",
"summary": "1335418",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335418"
},
{
"category": "external",
"summary": "1335420",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335420"
},
{
"category": "external",
"summary": "1335421",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335421"
},
{
"category": "external",
"summary": "1335422",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335422"
},
{
"category": "external",
"summary": "1358938",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1358938"
},
{
"category": "external",
"summary": "1361305",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1361305"
},
{
"category": "external",
"summary": "1361306",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1361306"
},
{
"category": "external",
"summary": "1361307",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1361307"
},
{
"category": "external",
"summary": "1362666",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1362666"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_1773.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Enterprise 2.2.10 security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2026-05-14T22:17:52+00:00",
"generator": {
"date": "2026-05-14T22:17:52+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2016:1773",
"initial_release_date": "2016-08-24T19:41:18+00:00",
"revision_history": [
{
"date": "2016-08-24T19:41:18+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2016-08-24T19:41:18+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-14T22:17:52+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Enterprise Node 2.2",
"product": {
"name": "Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:2.0::el6"
}
}
},
{
"category": "product_name",
"name": "Red Hat OpenShift Enterprise Infrastructure 2.2",
"product": {
"name": "Red Hat OpenShift Enterprise Infrastructure 2.2",
"product_id": "6Server-RHOSE-INFRA-2.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:2.0::el6"
}
}
},
{
"category": "product_name",
"name": "Red Hat OpenShift Enterprise Client 2.2",
"product": {
"name": "Red Hat OpenShift Enterprise Client 2.2",
"product_id": "6Server-RHOSE-CLIENT-2.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:2.0::el6"
}
}
},
{
"category": "product_name",
"name": "Red Hat OpenShift Enterprise JBoss EAP add-on 2.2",
"product": {
"name": "Red Hat OpenShift Enterprise JBoss EAP add-on 2.2",
"product_id": "6Server-RHOSE-JBOSSEAP-2.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:2.0::el6"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "ImageMagick-perl-0:6.7.2.7-5.el6_8.x86_64",
"product": {
"name": "ImageMagick-perl-0:6.7.2.7-5.el6_8.x86_64",
"product_id": "ImageMagick-perl-0:6.7.2.7-5.el6_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ImageMagick-perl@6.7.2.7-5.el6_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ImageMagick-debuginfo-0:6.7.2.7-5.el6_8.x86_64",
"product": {
"name": "ImageMagick-debuginfo-0:6.7.2.7-5.el6_8.x86_64",
"product_id": "ImageMagick-debuginfo-0:6.7.2.7-5.el6_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ImageMagick-debuginfo@6.7.2.7-5.el6_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ImageMagick-devel-0:6.7.2.7-5.el6_8.x86_64",
"product": {
"name": "ImageMagick-devel-0:6.7.2.7-5.el6_8.x86_64",
"product_id": "ImageMagick-devel-0:6.7.2.7-5.el6_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ImageMagick-devel@6.7.2.7-5.el6_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "ImageMagick-doc-0:6.7.2.7-5.el6_8.x86_64",
"product": {
"name": "ImageMagick-doc-0:6.7.2.7-5.el6_8.x86_64",
"product_id": "ImageMagick-doc-0:6.7.2.7-5.el6_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ImageMagick-doc@6.7.2.7-5.el6_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libcgroup-pam-0:0.40.rc1-18.el6_8.x86_64",
"product": {
"name": "libcgroup-pam-0:0.40.rc1-18.el6_8.x86_64",
"product_id": "libcgroup-pam-0:0.40.rc1-18.el6_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libcgroup-pam@0.40.rc1-18.el6_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libcgroup-debuginfo-0:0.40.rc1-18.el6_8.x86_64",
"product": {
"name": "libcgroup-debuginfo-0:0.40.rc1-18.el6_8.x86_64",
"product_id": "libcgroup-debuginfo-0:0.40.rc1-18.el6_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libcgroup-debuginfo@0.40.rc1-18.el6_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"product": {
"name": "activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"product_id": "activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/activemq-client@5.9.0-6.redhat.611463.el6op?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"product": {
"name": "activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"product_id": "activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/activemq@5.9.0-6.redhat.611463.el6op?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "ImageMagick-0:6.7.2.7-5.el6_8.src",
"product": {
"name": "ImageMagick-0:6.7.2.7-5.el6_8.src",
"product_id": "ImageMagick-0:6.7.2.7-5.el6_8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ImageMagick@6.7.2.7-5.el6_8?arch=src"
}
}
},
{
"category": "product_version",
"name": "libcgroup-0:0.40.rc1-18.el6_8.src",
"product": {
"name": "libcgroup-0:0.40.rc1-18.el6_8.src",
"product_id": "libcgroup-0:0.40.rc1-18.el6_8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libcgroup@0.40.rc1-18.el6_8?arch=src"
}
}
},
{
"category": "product_version",
"name": "jenkins-0:1.651.2-1.el6op.src",
"product": {
"name": "jenkins-0:1.651.2-1.el6op.src",
"product_id": "jenkins-0:1.651.2-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@1.651.2-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "activemq-0:5.9.0-6.redhat.611463.el6op.src",
"product": {
"name": "activemq-0:5.9.0-6.redhat.611463.el6op.src",
"product_id": "activemq-0:5.9.0-6.redhat.611463.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/activemq@5.9.0-6.redhat.611463.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.src",
"product": {
"name": "rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.src",
"product_id": "rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-openshift-origin-frontend-haproxy-sni-proxy@0.5.2.1-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-node-proxy-0:1.26.3.1-1.el6op.src",
"product": {
"name": "openshift-origin-node-proxy-0:1.26.3.1-1.el6op.src",
"product_id": "openshift-origin-node-proxy-0:1.26.3.1-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-node-proxy@1.26.3.1-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.src",
"product": {
"name": "rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.src",
"product_id": "rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-openshift-origin-admin-console@1.28.2.1-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.src",
"product": {
"name": "rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.src",
"product_id": "rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-openshift-origin-routing-daemon@0.26.6.1-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-broker-0:1.16.3.2-1.el6op.src",
"product": {
"name": "openshift-origin-broker-0:1.16.3.2-1.el6op.src",
"product_id": "openshift-origin-broker-0:1.16.3.2-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-broker@1.16.3.2-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-node-util-0:1.38.7.1-1.el6op.src",
"product": {
"name": "openshift-origin-node-util-0:1.38.7.1-1.el6op.src",
"product_id": "openshift-origin-node-util-0:1.38.7.1-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-node-util@1.38.7.1-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "rhc-0:1.38.7.1-1.el6op.src",
"product": {
"name": "rhc-0:1.38.7.1-1.el6op.src",
"product_id": "rhc-0:1.38.7.1-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc@1.38.7.1-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.src",
"product": {
"name": "openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.src",
"product_id": "openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-cartridge-python@1.34.3.2-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.src",
"product": {
"name": "openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.src",
"product_id": "openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-cartridge-ruby@1.32.2.2-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.src",
"product": {
"name": "openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.src",
"product_id": "openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-cartridge-mysql@1.31.3.3-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.src",
"product": {
"name": "openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.src",
"product_id": "openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-cartridge-jenkins@1.29.2.2-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.src",
"product": {
"name": "openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.src",
"product_id": "openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-cartridge-perl@1.30.2.2-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.src",
"product": {
"name": "openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.src",
"product_id": "openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-cartridge-php@1.35.4.2-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.src",
"product": {
"name": "openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.src",
"product_id": "openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-cartridge-cron@1.25.4.2-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.src",
"product": {
"name": "openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.src",
"product_id": "openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-cartridge-jbossews@1.35.5.2-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.src",
"product": {
"name": "openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.src",
"product_id": "openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-cartridge-jenkins-client@1.26.1.1-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.src",
"product": {
"name": "openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.src",
"product_id": "openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-cartridge-haproxy@1.31.6.2-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.src",
"product": {
"name": "openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.src",
"product_id": "openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-cartridge-nodejs@1.33.1.2-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.src",
"product": {
"name": "openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.src",
"product_id": "openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-cartridge-jbosseap@2.27.4.2-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.src",
"product": {
"name": "openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.src",
"product_id": "openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-cartridge-mongodb@1.26.2.2-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.src",
"product": {
"name": "openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.src",
"product_id": "openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-cartridge-diy@1.26.2.2-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.src",
"product": {
"name": "openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.src",
"product_id": "openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-msg-node-mcollective@1.30.2.2-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.src",
"product": {
"name": "rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.src",
"product_id": "rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-openshift-origin-node@1.38.6.4-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.src",
"product": {
"name": "rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.src",
"product_id": "rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-openshift-origin-controller@1.38.6.4-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.src",
"product": {
"name": "rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.src",
"product_id": "rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-openshift-origin-msg-broker-mcollective@1.36.2.4-1.el6op?arch=src"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-broker-util-0:1.37.6.2-1.el6op.src",
"product": {
"name": "openshift-origin-broker-util-0:1.37.6.2-1.el6op.src",
"product_id": "openshift-origin-broker-util-0:1.37.6.2-1.el6op.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-broker-util@1.37.6.2-1.el6op?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jenkins-0:1.651.2-1.el6op.noarch",
"product": {
"name": "jenkins-0:1.651.2-1.el6op.noarch",
"product_id": "jenkins-0:1.651.2-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jenkins@1.651.2-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.noarch",
"product": {
"name": "rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.noarch",
"product_id": "rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-openshift-origin-frontend-haproxy-sni-proxy@0.5.2.1-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-node-proxy-0:1.26.3.1-1.el6op.noarch",
"product": {
"name": "openshift-origin-node-proxy-0:1.26.3.1-1.el6op.noarch",
"product_id": "openshift-origin-node-proxy-0:1.26.3.1-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-node-proxy@1.26.3.1-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.noarch",
"product": {
"name": "rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.noarch",
"product_id": "rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-openshift-origin-admin-console@1.28.2.1-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.noarch",
"product": {
"name": "rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.noarch",
"product_id": "rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-openshift-origin-routing-daemon@0.26.6.1-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-broker-0:1.16.3.2-1.el6op.noarch",
"product": {
"name": "openshift-origin-broker-0:1.16.3.2-1.el6op.noarch",
"product_id": "openshift-origin-broker-0:1.16.3.2-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-broker@1.16.3.2-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-node-util-0:1.38.7.1-1.el6op.noarch",
"product": {
"name": "openshift-origin-node-util-0:1.38.7.1-1.el6op.noarch",
"product_id": "openshift-origin-node-util-0:1.38.7.1-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-node-util@1.38.7.1-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhc-0:1.38.7.1-1.el6op.noarch",
"product": {
"name": "rhc-0:1.38.7.1-1.el6op.noarch",
"product_id": "rhc-0:1.38.7.1-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc@1.38.7.1-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.noarch",
"product": {
"name": "openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.noarch",
"product_id": "openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-cartridge-python@1.34.3.2-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.noarch",
"product": {
"name": "openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.noarch",
"product_id": "openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-cartridge-ruby@1.32.2.2-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.noarch",
"product": {
"name": "openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.noarch",
"product_id": "openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-cartridge-mysql@1.31.3.3-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.noarch",
"product": {
"name": "openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.noarch",
"product_id": "openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-cartridge-jenkins@1.29.2.2-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.noarch",
"product": {
"name": "openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.noarch",
"product_id": "openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-cartridge-perl@1.30.2.2-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.noarch",
"product": {
"name": "openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.noarch",
"product_id": "openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-cartridge-php@1.35.4.2-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.noarch",
"product": {
"name": "openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.noarch",
"product_id": "openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-cartridge-cron@1.25.4.2-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.noarch",
"product": {
"name": "openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.noarch",
"product_id": "openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-cartridge-jbossews@1.35.5.2-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.noarch",
"product": {
"name": "openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.noarch",
"product_id": "openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-cartridge-jenkins-client@1.26.1.1-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.noarch",
"product": {
"name": "openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.noarch",
"product_id": "openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-cartridge-haproxy@1.31.6.2-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.noarch",
"product": {
"name": "openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.noarch",
"product_id": "openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-cartridge-nodejs@1.33.1.2-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.noarch",
"product": {
"name": "openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.noarch",
"product_id": "openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-cartridge-jbosseap@2.27.4.2-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.noarch",
"product": {
"name": "openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.noarch",
"product_id": "openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-cartridge-mongodb@1.26.2.2-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.noarch",
"product": {
"name": "openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.noarch",
"product_id": "openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-cartridge-diy@1.26.2.2-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.noarch",
"product": {
"name": "openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.noarch",
"product_id": "openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-msg-node-mcollective@1.30.2.2-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.noarch",
"product": {
"name": "rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.noarch",
"product_id": "rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-openshift-origin-node@1.38.6.4-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.noarch",
"product": {
"name": "rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.noarch",
"product_id": "rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-openshift-origin-controller@1.38.6.4-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.noarch",
"product": {
"name": "rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.noarch",
"product_id": "rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-openshift-origin-msg-broker-mcollective@1.36.2.4-1.el6op?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "openshift-origin-broker-util-0:1.37.6.2-1.el6op.noarch",
"product": {
"name": "openshift-origin-broker-util-0:1.37.6.2-1.el6op.noarch",
"product_id": "openshift-origin-broker-util-0:1.37.6.2-1.el6op.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/openshift-origin-broker-util@1.37.6.2-1.el6op?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-0:1.38.7.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Client 2.2",
"product_id": "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.noarch"
},
"product_reference": "rhc-0:1.38.7.1-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-CLIENT-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-0:1.38.7.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Client 2.2",
"product_id": "6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.src"
},
"product_reference": "rhc-0:1.38.7.1-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-CLIENT-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "activemq-0:5.9.0-6.redhat.611463.el6op.src as a component of Red Hat OpenShift Enterprise Infrastructure 2.2",
"product_id": "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src"
},
"product_reference": "activemq-0:5.9.0-6.redhat.611463.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-INFRA-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "activemq-0:5.9.0-6.redhat.611463.el6op.x86_64 as a component of Red Hat OpenShift Enterprise Infrastructure 2.2",
"product_id": "6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64"
},
"product_reference": "activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"relates_to_product_reference": "6Server-RHOSE-INFRA-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64 as a component of Red Hat OpenShift Enterprise Infrastructure 2.2",
"product_id": "6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64"
},
"product_reference": "activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"relates_to_product_reference": "6Server-RHOSE-INFRA-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-broker-0:1.16.3.2-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Infrastructure 2.2",
"product_id": "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.noarch"
},
"product_reference": "openshift-origin-broker-0:1.16.3.2-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-INFRA-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-broker-0:1.16.3.2-1.el6op.src as a component of Red Hat OpenShift Enterprise Infrastructure 2.2",
"product_id": "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.src"
},
"product_reference": "openshift-origin-broker-0:1.16.3.2-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-INFRA-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-broker-util-0:1.37.6.2-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Infrastructure 2.2",
"product_id": "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.noarch"
},
"product_reference": "openshift-origin-broker-util-0:1.37.6.2-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-INFRA-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-broker-util-0:1.37.6.2-1.el6op.src as a component of Red Hat OpenShift Enterprise Infrastructure 2.2",
"product_id": "6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.src"
},
"product_reference": "openshift-origin-broker-util-0:1.37.6.2-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-INFRA-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Infrastructure 2.2",
"product_id": "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.noarch"
},
"product_reference": "rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-INFRA-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Infrastructure 2.2",
"product_id": "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.src"
},
"product_reference": "rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-INFRA-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Infrastructure 2.2",
"product_id": "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.noarch"
},
"product_reference": "rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-INFRA-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.src as a component of Red Hat OpenShift Enterprise Infrastructure 2.2",
"product_id": "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.src"
},
"product_reference": "rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-INFRA-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Infrastructure 2.2",
"product_id": "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.noarch"
},
"product_reference": "rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-INFRA-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.src as a component of Red Hat OpenShift Enterprise Infrastructure 2.2",
"product_id": "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.src"
},
"product_reference": "rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-INFRA-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Infrastructure 2.2",
"product_id": "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.noarch"
},
"product_reference": "rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-INFRA-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Infrastructure 2.2",
"product_id": "6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.src"
},
"product_reference": "rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-INFRA-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.noarch as a component of Red Hat OpenShift Enterprise JBoss EAP add-on 2.2",
"product_id": "6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.noarch"
},
"product_reference": "openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-JBOSSEAP-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.src as a component of Red Hat OpenShift Enterprise JBoss EAP add-on 2.2",
"product_id": "6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.src"
},
"product_reference": "openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-JBOSSEAP-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ImageMagick-0:6.7.2.7-5.el6_8.src as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:ImageMagick-0:6.7.2.7-5.el6_8.src"
},
"product_reference": "ImageMagick-0:6.7.2.7-5.el6_8.src",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ImageMagick-debuginfo-0:6.7.2.7-5.el6_8.x86_64 as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:ImageMagick-debuginfo-0:6.7.2.7-5.el6_8.x86_64"
},
"product_reference": "ImageMagick-debuginfo-0:6.7.2.7-5.el6_8.x86_64",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ImageMagick-devel-0:6.7.2.7-5.el6_8.x86_64 as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:ImageMagick-devel-0:6.7.2.7-5.el6_8.x86_64"
},
"product_reference": "ImageMagick-devel-0:6.7.2.7-5.el6_8.x86_64",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ImageMagick-doc-0:6.7.2.7-5.el6_8.x86_64 as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:ImageMagick-doc-0:6.7.2.7-5.el6_8.x86_64"
},
"product_reference": "ImageMagick-doc-0:6.7.2.7-5.el6_8.x86_64",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ImageMagick-perl-0:6.7.2.7-5.el6_8.x86_64 as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:ImageMagick-perl-0:6.7.2.7-5.el6_8.x86_64"
},
"product_reference": "ImageMagick-perl-0:6.7.2.7-5.el6_8.x86_64",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "activemq-0:5.9.0-6.redhat.611463.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src"
},
"product_reference": "activemq-0:5.9.0-6.redhat.611463.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "activemq-0:5.9.0-6.redhat.611463.el6op.x86_64 as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64"
},
"product_reference": "activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64 as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64"
},
"product_reference": "activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:1.651.2-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.noarch"
},
"product_reference": "jenkins-0:1.651.2-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jenkins-0:1.651.2-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.src"
},
"product_reference": "jenkins-0:1.651.2-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcgroup-0:0.40.rc1-18.el6_8.src as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:libcgroup-0:0.40.rc1-18.el6_8.src"
},
"product_reference": "libcgroup-0:0.40.rc1-18.el6_8.src",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcgroup-debuginfo-0:0.40.rc1-18.el6_8.x86_64 as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:libcgroup-debuginfo-0:0.40.rc1-18.el6_8.x86_64"
},
"product_reference": "libcgroup-debuginfo-0:0.40.rc1-18.el6_8.x86_64",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcgroup-pam-0:0.40.rc1-18.el6_8.x86_64 as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:libcgroup-pam-0:0.40.rc1-18.el6_8.x86_64"
},
"product_reference": "libcgroup-pam-0:0.40.rc1-18.el6_8.x86_64",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.noarch"
},
"product_reference": "openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.src"
},
"product_reference": "openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.noarch"
},
"product_reference": "openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.src"
},
"product_reference": "openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.noarch"
},
"product_reference": "openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.src"
},
"product_reference": "openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.noarch"
},
"product_reference": "openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.src"
},
"product_reference": "openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.noarch"
},
"product_reference": "openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.src"
},
"product_reference": "openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.noarch"
},
"product_reference": "openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.src"
},
"product_reference": "openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.noarch"
},
"product_reference": "openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.src"
},
"product_reference": "openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.noarch"
},
"product_reference": "openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.src"
},
"product_reference": "openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.noarch"
},
"product_reference": "openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.src"
},
"product_reference": "openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.noarch"
},
"product_reference": "openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.src"
},
"product_reference": "openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.noarch"
},
"product_reference": "openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.src"
},
"product_reference": "openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.noarch"
},
"product_reference": "openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.src"
},
"product_reference": "openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.noarch"
},
"product_reference": "openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.src"
},
"product_reference": "openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.noarch"
},
"product_reference": "openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.src"
},
"product_reference": "openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-node-proxy-0:1.26.3.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.noarch"
},
"product_reference": "openshift-origin-node-proxy-0:1.26.3.1-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-node-proxy-0:1.26.3.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.src"
},
"product_reference": "openshift-origin-node-proxy-0:1.26.3.1-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-node-util-0:1.38.7.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.noarch"
},
"product_reference": "openshift-origin-node-util-0:1.38.7.1-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-origin-node-util-0:1.38.7.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.src"
},
"product_reference": "openshift-origin-node-util-0:1.38.7.1-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.noarch"
},
"product_reference": "rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.src"
},
"product_reference": "rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.noarch as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.noarch"
},
"product_reference": "rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.noarch",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.src as a component of Red Hat OpenShift Enterprise Node 2.2",
"product_id": "6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.src"
},
"product_reference": "rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.src",
"relates_to_product_reference": "6Server-RHOSE-NODE-2.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2014-3577",
"cwe": {
"id": "CWE-297",
"name": "Improper Validation of Certificate with Host Mismatch"
},
"discovery_date": "2014-08-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1129074"
}
],
"notes": [
{
"category": "description",
"text": "It was found that the fix for CVE-2012-6153 was incomplete: the code added to check that the server hostname matches the domain name in a subject\u0027s Common Name (CN) field in X.509 certificates was flawed. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "CXF: SSL hostname verification bypass, incomplete CVE-2012-6153 fix",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Additional information can be found in the Red Hat Knowledgebase article: https://access.redhat.com/solutions/1165533\n\nThis issue affects the versions of HttpComponents Client as shipped with Red Hat JBoss Data Grid 6 and Red Hat JBoss Data Virtualization 6; and ModeShape Client as shipped with Red Hat JBoss Data Virtualization 6. However, this flaw is not known to be exploitable under any supported scenario in Red Hat JBoss Data Grid 6 and JBoss Data Virtualization 6. A future update may address this issue.\n\nRed Hat JBoss Enterprise Application Platform 4, Red Hat JBoss SOA Platform 4, and Red Hat JBoss Web Server 1 are now in Phase 3, Extended Life Support, of their respective life cycles. This issue has been rated as having Important security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat JBoss Middleware and Red Hat JBoss Operations Network Product Update and Support Policy: https://access.redhat.com/support/policy/updates/jboss_notes/\n\nFuse ESB 4, Fuse Message Broker 5.2, 5.3, 5.4 and Fuse Services Framework 2.3, 2.4 are now in a reduced support phase receiving only Critical impact security fixes. This issue has been rated as having Important security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Fuse Product Life Cycle: https://access.redhat.com/support/policy/updates/fusesource/",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-0:6.7.2.7-5.el6_8.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-debuginfo-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-devel-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-doc-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-perl-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:libcgroup-0:0.40.rc1-18.el6_8.src",
"6Server-RHOSE-NODE-2.2:libcgroup-debuginfo-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:libcgroup-pam-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2014-3577"
},
{
"category": "external",
"summary": "RHBZ#1129074",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1129074"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2014-3577",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3577"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-3577",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3577"
}
],
"release_date": "2014-08-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-08-24T19:41:18+00:00",
"details": "Before applying this update, make sure all previously released errata \nrelevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be updated \nshortly for release 2.2.10, for important instructions on how to fully \napply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at \nhttps://access.redhat.com/articles/11258.",
"product_ids": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-0:6.7.2.7-5.el6_8.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-debuginfo-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-devel-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-doc-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-perl-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:libcgroup-0:0.40.rc1-18.el6_8.src",
"6Server-RHOSE-NODE-2.2:libcgroup-debuginfo-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:libcgroup-pam-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1773"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-0:6.7.2.7-5.el6_8.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-debuginfo-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-devel-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-doc-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-perl-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:libcgroup-0:0.40.rc1-18.el6_8.src",
"6Server-RHOSE-NODE-2.2:libcgroup-debuginfo-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:libcgroup-pam-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "CXF: SSL hostname verification bypass, incomplete CVE-2012-6153 fix"
},
{
"cve": "CVE-2015-7501",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2015-11-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1279330"
}
],
"notes": [
{
"category": "description",
"text": "It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-commons-collections: InvokerTransformer code execution during deserialisation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the Apache commons-collections library as shipped with Fuse 6.2.0 and A-MQ 6.2.0. However, this flaw is not known to be exploitable under supported scenarios in these product versions, and so has been assigned an impact of Important for these products and their respective errata.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-0:6.7.2.7-5.el6_8.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-debuginfo-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-devel-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-doc-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-perl-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:libcgroup-0:0.40.rc1-18.el6_8.src",
"6Server-RHOSE-NODE-2.2:libcgroup-debuginfo-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:libcgroup-pam-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-7501"
},
{
"category": "external",
"summary": "RHBZ#1279330",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1279330"
},
{
"category": "external",
"summary": "RHSB-2045023",
"url": "https://access.redhat.com/solutions/2045023"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-7501",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7501"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-7501",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7501"
},
{
"category": "external",
"summary": "http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/",
"url": "http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/"
}
],
"release_date": "2015-11-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-08-24T19:41:18+00:00",
"details": "Before applying this update, make sure all previously released errata \nrelevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be updated \nshortly for release 2.2.10, for important instructions on how to fully \napply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at \nhttps://access.redhat.com/articles/11258.",
"product_ids": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-0:6.7.2.7-5.el6_8.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-debuginfo-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-devel-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-doc-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-perl-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:libcgroup-0:0.40.rc1-18.el6_8.src",
"6Server-RHOSE-NODE-2.2:libcgroup-debuginfo-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:libcgroup-pam-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1773"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-0:6.7.2.7-5.el6_8.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-debuginfo-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-devel-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-doc-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-perl-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:libcgroup-0:0.40.rc1-18.el6_8.src",
"6Server-RHOSE-NODE-2.2:libcgroup-debuginfo-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:libcgroup-pam-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "apache-commons-collections: InvokerTransformer code execution during deserialisation"
},
{
"cve": "CVE-2016-0788",
"discovery_date": "2016-02-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1311946"
}
],
"notes": [
{
"category": "description",
"text": "The remoting module in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to execute arbitrary code by opening a JRMP listener.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins: Remote code execution vulnerability in remoting module (SECURITY-232)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-0:6.7.2.7-5.el6_8.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-debuginfo-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-devel-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-doc-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-perl-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:libcgroup-0:0.40.rc1-18.el6_8.src",
"6Server-RHOSE-NODE-2.2:libcgroup-debuginfo-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:libcgroup-pam-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-0788"
},
{
"category": "external",
"summary": "RHBZ#1311946",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311946"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-0788",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0788"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-0788",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0788"
},
{
"category": "external",
"summary": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24",
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24"
}
],
"release_date": "2016-02-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-08-24T19:41:18+00:00",
"details": "Before applying this update, make sure all previously released errata \nrelevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be updated \nshortly for release 2.2.10, for important instructions on how to fully \napply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at \nhttps://access.redhat.com/articles/11258.",
"product_ids": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-0:6.7.2.7-5.el6_8.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-debuginfo-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-devel-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-doc-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-perl-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:libcgroup-0:0.40.rc1-18.el6_8.src",
"6Server-RHOSE-NODE-2.2:libcgroup-debuginfo-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:libcgroup-pam-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1773"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-0:6.7.2.7-5.el6_8.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-debuginfo-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-devel-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-doc-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-perl-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:libcgroup-0:0.40.rc1-18.el6_8.src",
"6Server-RHOSE-NODE-2.2:libcgroup-debuginfo-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:libcgroup-pam-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jenkins: Remote code execution vulnerability in remoting module (SECURITY-232)"
},
{
"cve": "CVE-2016-0789",
"discovery_date": "2016-02-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1311947"
}
],
"notes": [
{
"category": "description",
"text": "CRLF injection vulnerability in the CLI command documentation in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins: HTTP response splitting vulnerability (SECURITY-238)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-0:6.7.2.7-5.el6_8.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-debuginfo-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-devel-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-doc-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-perl-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:libcgroup-0:0.40.rc1-18.el6_8.src",
"6Server-RHOSE-NODE-2.2:libcgroup-debuginfo-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:libcgroup-pam-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-0789"
},
{
"category": "external",
"summary": "RHBZ#1311947",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311947"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-0789",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0789"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-0789",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0789"
},
{
"category": "external",
"summary": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24",
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24"
}
],
"release_date": "2016-02-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-08-24T19:41:18+00:00",
"details": "Before applying this update, make sure all previously released errata \nrelevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be updated \nshortly for release 2.2.10, for important instructions on how to fully \napply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at \nhttps://access.redhat.com/articles/11258.",
"product_ids": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-0:6.7.2.7-5.el6_8.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-debuginfo-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-devel-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-doc-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-perl-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:libcgroup-0:0.40.rc1-18.el6_8.src",
"6Server-RHOSE-NODE-2.2:libcgroup-debuginfo-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:libcgroup-pam-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1773"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-0:6.7.2.7-5.el6_8.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-debuginfo-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-devel-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-doc-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-perl-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:libcgroup-0:0.40.rc1-18.el6_8.src",
"6Server-RHOSE-NODE-2.2:libcgroup-debuginfo-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:libcgroup-pam-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jenkins: HTTP response splitting vulnerability (SECURITY-238)"
},
{
"cve": "CVE-2016-0790",
"discovery_date": "2016-02-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1311948"
}
],
"notes": [
{
"category": "description",
"text": "Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify API tokens, which makes it easier for remote attackers to determine API tokens via a brute-force approach.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins: Non-constant time comparison of API token (SECURITY-241)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-0:6.7.2.7-5.el6_8.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-debuginfo-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-devel-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-doc-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-perl-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:libcgroup-0:0.40.rc1-18.el6_8.src",
"6Server-RHOSE-NODE-2.2:libcgroup-debuginfo-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:libcgroup-pam-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-0790"
},
{
"category": "external",
"summary": "RHBZ#1311948",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311948"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-0790",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0790"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-0790",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0790"
},
{
"category": "external",
"summary": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24",
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24"
}
],
"release_date": "2016-02-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-08-24T19:41:18+00:00",
"details": "Before applying this update, make sure all previously released errata \nrelevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be updated \nshortly for release 2.2.10, for important instructions on how to fully \napply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at \nhttps://access.redhat.com/articles/11258.",
"product_ids": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-0:6.7.2.7-5.el6_8.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-debuginfo-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-devel-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-doc-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-perl-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:libcgroup-0:0.40.rc1-18.el6_8.src",
"6Server-RHOSE-NODE-2.2:libcgroup-debuginfo-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:libcgroup-pam-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1773"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-0:6.7.2.7-5.el6_8.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-debuginfo-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-devel-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-doc-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-perl-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:libcgroup-0:0.40.rc1-18.el6_8.src",
"6Server-RHOSE-NODE-2.2:libcgroup-debuginfo-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:libcgroup-pam-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jenkins: Non-constant time comparison of API token (SECURITY-241)"
},
{
"cve": "CVE-2016-0791",
"discovery_date": "2016-02-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1311949"
}
],
"notes": [
{
"category": "description",
"text": "Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify CSRF tokens, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force approach.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins: Non-constant time comparison of CSRF crumbs (SECURITY-245)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-0:6.7.2.7-5.el6_8.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-debuginfo-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-devel-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-doc-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-perl-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:libcgroup-0:0.40.rc1-18.el6_8.src",
"6Server-RHOSE-NODE-2.2:libcgroup-debuginfo-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:libcgroup-pam-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-0791"
},
{
"category": "external",
"summary": "RHBZ#1311949",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311949"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-0791",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0791"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-0791",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0791"
},
{
"category": "external",
"summary": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24",
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24"
}
],
"release_date": "2016-02-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-08-24T19:41:18+00:00",
"details": "Before applying this update, make sure all previously released errata \nrelevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be updated \nshortly for release 2.2.10, for important instructions on how to fully \napply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at \nhttps://access.redhat.com/articles/11258.",
"product_ids": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-0:6.7.2.7-5.el6_8.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-debuginfo-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-devel-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-doc-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-perl-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:libcgroup-0:0.40.rc1-18.el6_8.src",
"6Server-RHOSE-NODE-2.2:libcgroup-debuginfo-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:libcgroup-pam-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1773"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-0:6.7.2.7-5.el6_8.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-debuginfo-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-devel-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-doc-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-perl-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:libcgroup-0:0.40.rc1-18.el6_8.src",
"6Server-RHOSE-NODE-2.2:libcgroup-debuginfo-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:libcgroup-pam-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jenkins: Non-constant time comparison of CSRF crumbs (SECURITY-245)"
},
{
"cve": "CVE-2016-0792",
"discovery_date": "2016-02-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1311950"
}
],
"notes": [
{
"category": "description",
"text": "Multiple unspecified API endpoints in Jenkins before 1.650 and LTS before 1.642.2 allow remote authenticated users to execute arbitrary code via serialized data in an XML file, related to XStream and groovy.util.Expando.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins: Remote code execution through remote API (SECURITY-247)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-0:6.7.2.7-5.el6_8.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-debuginfo-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-devel-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-doc-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-perl-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:libcgroup-0:0.40.rc1-18.el6_8.src",
"6Server-RHOSE-NODE-2.2:libcgroup-debuginfo-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:libcgroup-pam-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-0792"
},
{
"category": "external",
"summary": "RHBZ#1311950",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311950"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-0792",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0792"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-0792",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0792"
},
{
"category": "external",
"summary": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24",
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24"
}
],
"release_date": "2016-02-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-08-24T19:41:18+00:00",
"details": "Before applying this update, make sure all previously released errata \nrelevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be updated \nshortly for release 2.2.10, for important instructions on how to fully \napply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at \nhttps://access.redhat.com/articles/11258.",
"product_ids": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-0:6.7.2.7-5.el6_8.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-debuginfo-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-devel-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-doc-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-perl-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:libcgroup-0:0.40.rc1-18.el6_8.src",
"6Server-RHOSE-NODE-2.2:libcgroup-debuginfo-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:libcgroup-pam-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1773"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-0:6.7.2.7-5.el6_8.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-debuginfo-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-devel-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-doc-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-perl-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:libcgroup-0:0.40.rc1-18.el6_8.src",
"6Server-RHOSE-NODE-2.2:libcgroup-debuginfo-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:libcgroup-pam-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jenkins: Remote code execution through remote API (SECURITY-247)"
},
{
"cve": "CVE-2016-3721",
"discovery_date": "2016-05-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1335415"
}
],
"notes": [
{
"category": "description",
"text": "Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins: Arbitrary build parameters are passed to build scripts as environment variables (SECURITY-170)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-0:6.7.2.7-5.el6_8.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-debuginfo-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-devel-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-doc-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-perl-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:libcgroup-0:0.40.rc1-18.el6_8.src",
"6Server-RHOSE-NODE-2.2:libcgroup-debuginfo-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:libcgroup-pam-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-3721"
},
{
"category": "external",
"summary": "RHBZ#1335415",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335415"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-3721",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3721"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-3721",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3721"
},
{
"category": "external",
"summary": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11",
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11"
}
],
"release_date": "2016-05-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-08-24T19:41:18+00:00",
"details": "Before applying this update, make sure all previously released errata \nrelevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be updated \nshortly for release 2.2.10, for important instructions on how to fully \napply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at \nhttps://access.redhat.com/articles/11258.",
"product_ids": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-0:6.7.2.7-5.el6_8.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-debuginfo-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-devel-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-doc-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-perl-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:libcgroup-0:0.40.rc1-18.el6_8.src",
"6Server-RHOSE-NODE-2.2:libcgroup-debuginfo-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:libcgroup-pam-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1773"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-0:6.7.2.7-5.el6_8.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-debuginfo-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-devel-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-doc-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-perl-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:libcgroup-0:0.40.rc1-18.el6_8.src",
"6Server-RHOSE-NODE-2.2:libcgroup-debuginfo-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:libcgroup-pam-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jenkins: Arbitrary build parameters are passed to build scripts as environment variables (SECURITY-170)"
},
{
"cve": "CVE-2016-3722",
"discovery_date": "2016-05-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1335416"
}
],
"notes": [
{
"category": "description",
"text": "Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with multiple accounts to cause a denial of service (unable to login) by editing the \"full name.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins: Malicious users with multiple user accounts can prevent other users from logging in (SECURITY-243)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-0:6.7.2.7-5.el6_8.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-debuginfo-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-devel-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-doc-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-perl-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:libcgroup-0:0.40.rc1-18.el6_8.src",
"6Server-RHOSE-NODE-2.2:libcgroup-debuginfo-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:libcgroup-pam-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-3722"
},
{
"category": "external",
"summary": "RHBZ#1335416",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335416"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-3722",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3722"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-3722",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3722"
},
{
"category": "external",
"summary": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11",
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11"
}
],
"release_date": "2016-05-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-08-24T19:41:18+00:00",
"details": "Before applying this update, make sure all previously released errata \nrelevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be updated \nshortly for release 2.2.10, for important instructions on how to fully \napply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at \nhttps://access.redhat.com/articles/11258.",
"product_ids": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-0:6.7.2.7-5.el6_8.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-debuginfo-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-devel-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-doc-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-perl-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:libcgroup-0:0.40.rc1-18.el6_8.src",
"6Server-RHOSE-NODE-2.2:libcgroup-debuginfo-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:libcgroup-pam-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1773"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-0:6.7.2.7-5.el6_8.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-debuginfo-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-devel-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-doc-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-perl-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:libcgroup-0:0.40.rc1-18.el6_8.src",
"6Server-RHOSE-NODE-2.2:libcgroup-debuginfo-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:libcgroup-pam-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jenkins: Malicious users with multiple user accounts can prevent other users from logging in (SECURITY-243)"
},
{
"cve": "CVE-2016-3723",
"discovery_date": "2016-05-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1335417"
}
],
"notes": [
{
"category": "description",
"text": "Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with read access to obtain sensitive plugin installation information by leveraging missing permissions checks in unspecified XML/JSON API endpoints.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins: Information on installed plugins exposed via API (SECURITY-250)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-0:6.7.2.7-5.el6_8.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-debuginfo-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-devel-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-doc-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-perl-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:libcgroup-0:0.40.rc1-18.el6_8.src",
"6Server-RHOSE-NODE-2.2:libcgroup-debuginfo-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:libcgroup-pam-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-3723"
},
{
"category": "external",
"summary": "RHBZ#1335417",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335417"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-3723",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3723"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-3723",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3723"
},
{
"category": "external",
"summary": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11",
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11"
}
],
"release_date": "2016-05-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-08-24T19:41:18+00:00",
"details": "Before applying this update, make sure all previously released errata \nrelevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be updated \nshortly for release 2.2.10, for important instructions on how to fully \napply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at \nhttps://access.redhat.com/articles/11258.",
"product_ids": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-0:6.7.2.7-5.el6_8.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-debuginfo-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-devel-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-doc-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-perl-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:libcgroup-0:0.40.rc1-18.el6_8.src",
"6Server-RHOSE-NODE-2.2:libcgroup-debuginfo-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:libcgroup-pam-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1773"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-0:6.7.2.7-5.el6_8.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-debuginfo-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-devel-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-doc-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-perl-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:libcgroup-0:0.40.rc1-18.el6_8.src",
"6Server-RHOSE-NODE-2.2:libcgroup-debuginfo-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:libcgroup-pam-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jenkins: Information on installed plugins exposed via API (SECURITY-250)"
},
{
"cve": "CVE-2016-3724",
"discovery_date": "2016-05-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1335418"
}
],
"notes": [
{
"category": "description",
"text": "Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with extended read access to obtain sensitive password information by reading a job configuration.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins: Encrypted secrets (e.g. passwords) were leaked to users with permission to read configuration (SECURITY-266)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-0:6.7.2.7-5.el6_8.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-debuginfo-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-devel-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-doc-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-perl-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:libcgroup-0:0.40.rc1-18.el6_8.src",
"6Server-RHOSE-NODE-2.2:libcgroup-debuginfo-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:libcgroup-pam-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-3724"
},
{
"category": "external",
"summary": "RHBZ#1335418",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335418"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-3724",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3724"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-3724",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3724"
},
{
"category": "external",
"summary": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11",
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11"
}
],
"release_date": "2016-05-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-08-24T19:41:18+00:00",
"details": "Before applying this update, make sure all previously released errata \nrelevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be updated \nshortly for release 2.2.10, for important instructions on how to fully \napply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at \nhttps://access.redhat.com/articles/11258.",
"product_ids": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-0:6.7.2.7-5.el6_8.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-debuginfo-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-devel-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-doc-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-perl-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:libcgroup-0:0.40.rc1-18.el6_8.src",
"6Server-RHOSE-NODE-2.2:libcgroup-debuginfo-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:libcgroup-pam-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1773"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-0:6.7.2.7-5.el6_8.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-debuginfo-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-devel-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-doc-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-perl-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:libcgroup-0:0.40.rc1-18.el6_8.src",
"6Server-RHOSE-NODE-2.2:libcgroup-debuginfo-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:libcgroup-pam-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jenkins: Encrypted secrets (e.g. passwords) were leaked to users with permission to read configuration (SECURITY-266)"
},
{
"cve": "CVE-2016-3725",
"discovery_date": "2016-05-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1335420"
}
],
"notes": [
{
"category": "description",
"text": "Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users to trigger updating of update site metadata by leveraging a missing permissions check. NOTE: this issue can be combined with DNS cache poisoning to cause a denial of service (service disruption).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins: Regular users can trigger download of update site metadata (SECURITY-273)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-0:6.7.2.7-5.el6_8.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-debuginfo-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-devel-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-doc-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-perl-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:libcgroup-0:0.40.rc1-18.el6_8.src",
"6Server-RHOSE-NODE-2.2:libcgroup-debuginfo-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:libcgroup-pam-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-3725"
},
{
"category": "external",
"summary": "RHBZ#1335420",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335420"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-3725",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3725"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-3725",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3725"
},
{
"category": "external",
"summary": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11",
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11"
}
],
"release_date": "2016-05-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-08-24T19:41:18+00:00",
"details": "Before applying this update, make sure all previously released errata \nrelevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be updated \nshortly for release 2.2.10, for important instructions on how to fully \napply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at \nhttps://access.redhat.com/articles/11258.",
"product_ids": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-0:6.7.2.7-5.el6_8.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-debuginfo-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-devel-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-doc-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-perl-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:libcgroup-0:0.40.rc1-18.el6_8.src",
"6Server-RHOSE-NODE-2.2:libcgroup-debuginfo-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:libcgroup-pam-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1773"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-0:6.7.2.7-5.el6_8.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-debuginfo-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-devel-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-doc-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-perl-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:libcgroup-0:0.40.rc1-18.el6_8.src",
"6Server-RHOSE-NODE-2.2:libcgroup-debuginfo-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:libcgroup-pam-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jenkins: Regular users can trigger download of update site metadata (SECURITY-273)"
},
{
"cve": "CVE-2016-3726",
"discovery_date": "2016-05-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1335421"
}
],
"notes": [
{
"category": "description",
"text": "Multiple open redirect vulnerabilities in Jenkins before 2.3 and LTS before 1.651.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors related to \"scheme-relative\" URLs.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins: Open redirect to scheme-relative URLs (SECURITY-276)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-0:6.7.2.7-5.el6_8.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-debuginfo-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-devel-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-doc-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-perl-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:libcgroup-0:0.40.rc1-18.el6_8.src",
"6Server-RHOSE-NODE-2.2:libcgroup-debuginfo-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:libcgroup-pam-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-3726"
},
{
"category": "external",
"summary": "RHBZ#1335421",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335421"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-3726",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-3726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3726"
},
{
"category": "external",
"summary": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11",
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11"
}
],
"release_date": "2016-05-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-08-24T19:41:18+00:00",
"details": "Before applying this update, make sure all previously released errata \nrelevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be updated \nshortly for release 2.2.10, for important instructions on how to fully \napply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at \nhttps://access.redhat.com/articles/11258.",
"product_ids": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-0:6.7.2.7-5.el6_8.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-debuginfo-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-devel-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-doc-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-perl-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:libcgroup-0:0.40.rc1-18.el6_8.src",
"6Server-RHOSE-NODE-2.2:libcgroup-debuginfo-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:libcgroup-pam-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1773"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-0:6.7.2.7-5.el6_8.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-debuginfo-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-devel-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-doc-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-perl-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:libcgroup-0:0.40.rc1-18.el6_8.src",
"6Server-RHOSE-NODE-2.2:libcgroup-debuginfo-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:libcgroup-pam-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jenkins: Open redirect to scheme-relative URLs (SECURITY-276)"
},
{
"cve": "CVE-2016-3727",
"discovery_date": "2016-05-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1335422"
}
],
"notes": [
{
"category": "description",
"text": "The API URL computer/(master)/api/xml in Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users with extended read permission for the master node to obtain sensitive information about the global configuration via unspecified vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jenkins: Granting the permission to read node configurations allows access to overall system configuration (SECURITY-281)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-0:6.7.2.7-5.el6_8.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-debuginfo-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-devel-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-doc-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-perl-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:libcgroup-0:0.40.rc1-18.el6_8.src",
"6Server-RHOSE-NODE-2.2:libcgroup-debuginfo-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:libcgroup-pam-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-3727"
},
{
"category": "external",
"summary": "RHBZ#1335422",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1335422"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-3727",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3727"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-3727",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3727"
},
{
"category": "external",
"summary": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11",
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11"
}
],
"release_date": "2016-05-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2016-08-24T19:41:18+00:00",
"details": "Before applying this update, make sure all previously released errata \nrelevant to your system have been applied.\n\nSee the OpenShift Enterprise 2.2 Release Notes, which will be updated \nshortly for release 2.2.10, for important instructions on how to fully \napply this asynchronous errata update:\n\nhttps://access.redhat.com/documentation/en-US/OpenShift_Enterprise/2/html-single/2.2_Release_Notes/index.html#chap-Asynchronous_Errata_Updates\n\nThis update is available via the Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at \nhttps://access.redhat.com/articles/11258.",
"product_ids": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-0:6.7.2.7-5.el6_8.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-debuginfo-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-devel-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-doc-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-perl-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:libcgroup-0:0.40.rc1-18.el6_8.src",
"6Server-RHOSE-NODE-2.2:libcgroup-debuginfo-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:libcgroup-pam-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2016:1773"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-CLIENT-2.2:rhc-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-INFRA-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-0:1.16.3.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:openshift-origin-broker-util-0:1.37.6.2-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-admin-console-0:1.28.2.1-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-controller-0:1.38.6.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-msg-broker-mcollective-0:1.36.2.4-1.el6op.src",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.noarch",
"6Server-RHOSE-INFRA-2.2:rubygem-openshift-origin-routing-daemon-0:0.26.6.1-1.el6op.src",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.noarch",
"6Server-RHOSE-JBOSSEAP-2.2:openshift-origin-cartridge-jbosseap-0:2.27.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-0:6.7.2.7-5.el6_8.src",
"6Server-RHOSE-NODE-2.2:ImageMagick-debuginfo-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-devel-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-doc-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:ImageMagick-perl-0:6.7.2.7-5.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.src",
"6Server-RHOSE-NODE-2.2:activemq-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:activemq-client-0:5.9.0-6.redhat.611463.el6op.x86_64",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:jenkins-0:1.651.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:libcgroup-0:0.40.rc1-18.el6_8.src",
"6Server-RHOSE-NODE-2.2:libcgroup-debuginfo-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:libcgroup-pam-0:0.40.rc1-18.el6_8.x86_64",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-cron-0:1.25.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-diy-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-haproxy-0:1.31.6.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jbossews-0:1.35.5.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-0:1.29.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-jenkins-client-0:1.26.1.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mongodb-0:1.26.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-mysql-0:1.31.3.3-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-nodejs-0:1.33.1.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-perl-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-php-0:1.35.4.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-python-0:1.34.3.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-cartridge-ruby-0:1.32.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-msg-node-mcollective-0:1.30.2.2-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-proxy-0:1.26.3.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:openshift-origin-node-util-0:1.38.7.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-frontend-haproxy-sni-proxy-0:0.5.2.1-1.el6op.src",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.noarch",
"6Server-RHOSE-NODE-2.2:rubygem-openshift-origin-node-0:1.38.6.4-1.el6op.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jenkins: Granting the permission to read node configurations allows access to overall system configuration (SECURITY-281)"
}
]
}
RHSA-2020:4274
Vulnerability from csaf_redhat - Published: 2020-10-19 09:45 - Updated: 2026-05-14 22:18Summary
Red Hat Security Advisory: rh-maven35-apache-commons-collections4 security update
Severity
Important
Notes
Topic: An update for rh-maven35-apache-commons-collections4 is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The Apache Commons Collections library provides new interfaces, implementations, and utilities to extend the features of the Java Collections Framework.
Security Fix(es):
* apache-commons-collections: InvokerTransformer code execution during deserialisation (CVE-2015-7501)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.
7.5 (High)
Affected products
Fixed
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Alt-RHSCL-3.5:rh-maven35-apache-commons-collections4-0:4.0-7.3.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.5:rh-maven35-apache-commons-collections4-0:4.0-7.3.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-Alt-RHSCL-3.5:rh-maven35-apache-commons-collections4-javadoc-0:4.0-7.3.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.5-7.6.Z:rh-maven35-apache-commons-collections4-0:4.0-7.3.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.5-7.6.Z:rh-maven35-apache-commons-collections4-0:4.0-7.3.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.5-7.6.Z:rh-maven35-apache-commons-collections4-javadoc-0:4.0-7.3.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.5-7.7.Z:rh-maven35-apache-commons-collections4-0:4.0-7.3.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.5-7.7.Z:rh-maven35-apache-commons-collections4-0:4.0-7.3.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.5-7.7.Z:rh-maven35-apache-commons-collections4-javadoc-0:4.0-7.3.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.5:rh-maven35-apache-commons-collections4-0:4.0-7.3.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.5:rh-maven35-apache-commons-collections4-0:4.0-7.3.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHSCL-3.5:rh-maven35-apache-commons-collections4-javadoc-0:4.0-7.3.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.5:rh-maven35-apache-commons-collections4-0:4.0-7.3.el7.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.5:rh-maven35-apache-commons-collections4-0:4.0-7.3.el7.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-RHSCL-3.5:rh-maven35-apache-commons-collections4-javadoc-0:4.0-7.3.el7.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Important
References
11 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for rh-maven35-apache-commons-collections4 is now available for Red Hat Software Collections.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The Apache Commons Collections library provides new interfaces, implementations, and utilities to extend the features of the Java Collections Framework.\n\nSecurity Fix(es):\n\n* apache-commons-collections: InvokerTransformer code execution during deserialisation (CVE-2015-7501)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:4274",
"url": "https://access.redhat.com/errata/RHSA-2020:4274"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/solutions/2045023",
"url": "https://access.redhat.com/solutions/2045023"
},
{
"category": "external",
"summary": "1279330",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1279330"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_4274.json"
}
],
"title": "Red Hat Security Advisory: rh-maven35-apache-commons-collections4 security update",
"tracking": {
"current_release_date": "2026-05-14T22:18:34+00:00",
"generator": {
"date": "2026-05-14T22:18:34+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2020:4274",
"initial_release_date": "2020-10-19T09:45:29+00:00",
"revision_history": [
{
"date": "2020-10-19T09:45:29+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-10-19T09:45:29+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-14T22:18:34+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-Alt-RHSCL-3.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)",
"product_id": "7Server-RHSCL-3.5-7.6.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)",
"product_id": "7Server-RHSCL-3.5-7.7.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Software Collections"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-maven35-apache-commons-collections4-0:4.0-7.3.el7.noarch",
"product": {
"name": "rh-maven35-apache-commons-collections4-0:4.0-7.3.el7.noarch",
"product_id": "rh-maven35-apache-commons-collections4-0:4.0-7.3.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-maven35-apache-commons-collections4@4.0-7.3.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-maven35-apache-commons-collections4-javadoc-0:4.0-7.3.el7.noarch",
"product": {
"name": "rh-maven35-apache-commons-collections4-javadoc-0:4.0-7.3.el7.noarch",
"product_id": "rh-maven35-apache-commons-collections4-javadoc-0:4.0-7.3.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-maven35-apache-commons-collections4-javadoc@4.0-7.3.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-maven35-apache-commons-collections4-0:4.0-7.3.el7.src",
"product": {
"name": "rh-maven35-apache-commons-collections4-0:4.0-7.3.el7.src",
"product_id": "rh-maven35-apache-commons-collections4-0:4.0-7.3.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-maven35-apache-commons-collections4@4.0-7.3.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-maven35-apache-commons-collections4-0:4.0-7.3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-Alt-RHSCL-3.5:rh-maven35-apache-commons-collections4-0:4.0-7.3.el7.noarch"
},
"product_reference": "rh-maven35-apache-commons-collections4-0:4.0-7.3.el7.noarch",
"relates_to_product_reference": "7Server-Alt-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-maven35-apache-commons-collections4-0:4.0-7.3.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-Alt-RHSCL-3.5:rh-maven35-apache-commons-collections4-0:4.0-7.3.el7.src"
},
"product_reference": "rh-maven35-apache-commons-collections4-0:4.0-7.3.el7.src",
"relates_to_product_reference": "7Server-Alt-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-maven35-apache-commons-collections4-javadoc-0:4.0-7.3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-Alt-RHSCL-3.5:rh-maven35-apache-commons-collections4-javadoc-0:4.0-7.3.el7.noarch"
},
"product_reference": "rh-maven35-apache-commons-collections4-javadoc-0:4.0-7.3.el7.noarch",
"relates_to_product_reference": "7Server-Alt-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-maven35-apache-commons-collections4-0:4.0-7.3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)",
"product_id": "7Server-RHSCL-3.5-7.6.Z:rh-maven35-apache-commons-collections4-0:4.0-7.3.el7.noarch"
},
"product_reference": "rh-maven35-apache-commons-collections4-0:4.0-7.3.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.5-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-maven35-apache-commons-collections4-0:4.0-7.3.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)",
"product_id": "7Server-RHSCL-3.5-7.6.Z:rh-maven35-apache-commons-collections4-0:4.0-7.3.el7.src"
},
"product_reference": "rh-maven35-apache-commons-collections4-0:4.0-7.3.el7.src",
"relates_to_product_reference": "7Server-RHSCL-3.5-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-maven35-apache-commons-collections4-javadoc-0:4.0-7.3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)",
"product_id": "7Server-RHSCL-3.5-7.6.Z:rh-maven35-apache-commons-collections4-javadoc-0:4.0-7.3.el7.noarch"
},
"product_reference": "rh-maven35-apache-commons-collections4-javadoc-0:4.0-7.3.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.5-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-maven35-apache-commons-collections4-0:4.0-7.3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)",
"product_id": "7Server-RHSCL-3.5-7.7.Z:rh-maven35-apache-commons-collections4-0:4.0-7.3.el7.noarch"
},
"product_reference": "rh-maven35-apache-commons-collections4-0:4.0-7.3.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.5-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-maven35-apache-commons-collections4-0:4.0-7.3.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)",
"product_id": "7Server-RHSCL-3.5-7.7.Z:rh-maven35-apache-commons-collections4-0:4.0-7.3.el7.src"
},
"product_reference": "rh-maven35-apache-commons-collections4-0:4.0-7.3.el7.src",
"relates_to_product_reference": "7Server-RHSCL-3.5-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-maven35-apache-commons-collections4-javadoc-0:4.0-7.3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)",
"product_id": "7Server-RHSCL-3.5-7.7.Z:rh-maven35-apache-commons-collections4-javadoc-0:4.0-7.3.el7.noarch"
},
"product_reference": "rh-maven35-apache-commons-collections4-javadoc-0:4.0-7.3.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.5-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-maven35-apache-commons-collections4-0:4.0-7.3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.5:rh-maven35-apache-commons-collections4-0:4.0-7.3.el7.noarch"
},
"product_reference": "rh-maven35-apache-commons-collections4-0:4.0-7.3.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-maven35-apache-commons-collections4-0:4.0-7.3.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.5:rh-maven35-apache-commons-collections4-0:4.0-7.3.el7.src"
},
"product_reference": "rh-maven35-apache-commons-collections4-0:4.0-7.3.el7.src",
"relates_to_product_reference": "7Server-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-maven35-apache-commons-collections4-javadoc-0:4.0-7.3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.5:rh-maven35-apache-commons-collections4-javadoc-0:4.0-7.3.el7.noarch"
},
"product_reference": "rh-maven35-apache-commons-collections4-javadoc-0:4.0-7.3.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-maven35-apache-commons-collections4-0:4.0-7.3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.5:rh-maven35-apache-commons-collections4-0:4.0-7.3.el7.noarch"
},
"product_reference": "rh-maven35-apache-commons-collections4-0:4.0-7.3.el7.noarch",
"relates_to_product_reference": "7Workstation-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-maven35-apache-commons-collections4-0:4.0-7.3.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.5:rh-maven35-apache-commons-collections4-0:4.0-7.3.el7.src"
},
"product_reference": "rh-maven35-apache-commons-collections4-0:4.0-7.3.el7.src",
"relates_to_product_reference": "7Workstation-RHSCL-3.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-maven35-apache-commons-collections4-javadoc-0:4.0-7.3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.5:rh-maven35-apache-commons-collections4-javadoc-0:4.0-7.3.el7.noarch"
},
"product_reference": "rh-maven35-apache-commons-collections4-javadoc-0:4.0-7.3.el7.noarch",
"relates_to_product_reference": "7Workstation-RHSCL-3.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-7501",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2015-11-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1279330"
}
],
"notes": [
{
"category": "description",
"text": "It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-commons-collections: InvokerTransformer code execution during deserialisation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the Apache commons-collections library as shipped with Fuse 6.2.0 and A-MQ 6.2.0. However, this flaw is not known to be exploitable under supported scenarios in these product versions, and so has been assigned an impact of Important for these products and their respective errata.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Alt-RHSCL-3.5:rh-maven35-apache-commons-collections4-0:4.0-7.3.el7.noarch",
"7Server-Alt-RHSCL-3.5:rh-maven35-apache-commons-collections4-0:4.0-7.3.el7.src",
"7Server-Alt-RHSCL-3.5:rh-maven35-apache-commons-collections4-javadoc-0:4.0-7.3.el7.noarch",
"7Server-RHSCL-3.5-7.6.Z:rh-maven35-apache-commons-collections4-0:4.0-7.3.el7.noarch",
"7Server-RHSCL-3.5-7.6.Z:rh-maven35-apache-commons-collections4-0:4.0-7.3.el7.src",
"7Server-RHSCL-3.5-7.6.Z:rh-maven35-apache-commons-collections4-javadoc-0:4.0-7.3.el7.noarch",
"7Server-RHSCL-3.5-7.7.Z:rh-maven35-apache-commons-collections4-0:4.0-7.3.el7.noarch",
"7Server-RHSCL-3.5-7.7.Z:rh-maven35-apache-commons-collections4-0:4.0-7.3.el7.src",
"7Server-RHSCL-3.5-7.7.Z:rh-maven35-apache-commons-collections4-javadoc-0:4.0-7.3.el7.noarch",
"7Server-RHSCL-3.5:rh-maven35-apache-commons-collections4-0:4.0-7.3.el7.noarch",
"7Server-RHSCL-3.5:rh-maven35-apache-commons-collections4-0:4.0-7.3.el7.src",
"7Server-RHSCL-3.5:rh-maven35-apache-commons-collections4-javadoc-0:4.0-7.3.el7.noarch",
"7Workstation-RHSCL-3.5:rh-maven35-apache-commons-collections4-0:4.0-7.3.el7.noarch",
"7Workstation-RHSCL-3.5:rh-maven35-apache-commons-collections4-0:4.0-7.3.el7.src",
"7Workstation-RHSCL-3.5:rh-maven35-apache-commons-collections4-javadoc-0:4.0-7.3.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-7501"
},
{
"category": "external",
"summary": "RHBZ#1279330",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1279330"
},
{
"category": "external",
"summary": "RHSB-2045023",
"url": "https://access.redhat.com/solutions/2045023"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-7501",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7501"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-7501",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7501"
},
{
"category": "external",
"summary": "http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/",
"url": "http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/"
}
],
"release_date": "2015-11-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-10-19T09:45:29+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-Alt-RHSCL-3.5:rh-maven35-apache-commons-collections4-0:4.0-7.3.el7.noarch",
"7Server-Alt-RHSCL-3.5:rh-maven35-apache-commons-collections4-0:4.0-7.3.el7.src",
"7Server-Alt-RHSCL-3.5:rh-maven35-apache-commons-collections4-javadoc-0:4.0-7.3.el7.noarch",
"7Server-RHSCL-3.5-7.6.Z:rh-maven35-apache-commons-collections4-0:4.0-7.3.el7.noarch",
"7Server-RHSCL-3.5-7.6.Z:rh-maven35-apache-commons-collections4-0:4.0-7.3.el7.src",
"7Server-RHSCL-3.5-7.6.Z:rh-maven35-apache-commons-collections4-javadoc-0:4.0-7.3.el7.noarch",
"7Server-RHSCL-3.5-7.7.Z:rh-maven35-apache-commons-collections4-0:4.0-7.3.el7.noarch",
"7Server-RHSCL-3.5-7.7.Z:rh-maven35-apache-commons-collections4-0:4.0-7.3.el7.src",
"7Server-RHSCL-3.5-7.7.Z:rh-maven35-apache-commons-collections4-javadoc-0:4.0-7.3.el7.noarch",
"7Server-RHSCL-3.5:rh-maven35-apache-commons-collections4-0:4.0-7.3.el7.noarch",
"7Server-RHSCL-3.5:rh-maven35-apache-commons-collections4-0:4.0-7.3.el7.src",
"7Server-RHSCL-3.5:rh-maven35-apache-commons-collections4-javadoc-0:4.0-7.3.el7.noarch",
"7Workstation-RHSCL-3.5:rh-maven35-apache-commons-collections4-0:4.0-7.3.el7.noarch",
"7Workstation-RHSCL-3.5:rh-maven35-apache-commons-collections4-0:4.0-7.3.el7.src",
"7Workstation-RHSCL-3.5:rh-maven35-apache-commons-collections4-javadoc-0:4.0-7.3.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:4274"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-Alt-RHSCL-3.5:rh-maven35-apache-commons-collections4-0:4.0-7.3.el7.noarch",
"7Server-Alt-RHSCL-3.5:rh-maven35-apache-commons-collections4-0:4.0-7.3.el7.src",
"7Server-Alt-RHSCL-3.5:rh-maven35-apache-commons-collections4-javadoc-0:4.0-7.3.el7.noarch",
"7Server-RHSCL-3.5-7.6.Z:rh-maven35-apache-commons-collections4-0:4.0-7.3.el7.noarch",
"7Server-RHSCL-3.5-7.6.Z:rh-maven35-apache-commons-collections4-0:4.0-7.3.el7.src",
"7Server-RHSCL-3.5-7.6.Z:rh-maven35-apache-commons-collections4-javadoc-0:4.0-7.3.el7.noarch",
"7Server-RHSCL-3.5-7.7.Z:rh-maven35-apache-commons-collections4-0:4.0-7.3.el7.noarch",
"7Server-RHSCL-3.5-7.7.Z:rh-maven35-apache-commons-collections4-0:4.0-7.3.el7.src",
"7Server-RHSCL-3.5-7.7.Z:rh-maven35-apache-commons-collections4-javadoc-0:4.0-7.3.el7.noarch",
"7Server-RHSCL-3.5:rh-maven35-apache-commons-collections4-0:4.0-7.3.el7.noarch",
"7Server-RHSCL-3.5:rh-maven35-apache-commons-collections4-0:4.0-7.3.el7.src",
"7Server-RHSCL-3.5:rh-maven35-apache-commons-collections4-javadoc-0:4.0-7.3.el7.noarch",
"7Workstation-RHSCL-3.5:rh-maven35-apache-commons-collections4-0:4.0-7.3.el7.noarch",
"7Workstation-RHSCL-3.5:rh-maven35-apache-commons-collections4-0:4.0-7.3.el7.src",
"7Workstation-RHSCL-3.5:rh-maven35-apache-commons-collections4-javadoc-0:4.0-7.3.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "apache-commons-collections: InvokerTransformer code execution during deserialisation"
}
]
}
WID-SEC-W-2022-1738
Vulnerability from csaf_certbund - Published: 2022-10-16 22:00 - Updated: 2025-11-03 23:00Summary
IBM InfoSphere Information Server: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: IBM InfoSphere Information Server ist eine Softwareplattform zur Integration heterogener Daten.
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM InfoSphere Information Server ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, einen Cross-Site-Scripting-Angriff durchzuführen, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.
Betroffene Betriebssysteme: - Linux
- UNIX
- Windows
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Tivoli Business Service Manager
IBM
|
cpe:/a:ibm:tivoli_business_service_manager:-
|
— | |
|
IBM InfoSphere Information Server 11.7
IBM / InfoSphere Information Server
|
cpe:/a:ibm:infosphere_information_server:11.7
|
11.7 | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Tivoli Business Service Manager
IBM
|
cpe:/a:ibm:tivoli_business_service_manager:-
|
— | |
|
IBM InfoSphere Information Server 11.7
IBM / InfoSphere Information Server
|
cpe:/a:ibm:infosphere_information_server:11.7
|
11.7 | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Tivoli Business Service Manager
IBM
|
cpe:/a:ibm:tivoli_business_service_manager:-
|
— | |
|
IBM InfoSphere Information Server 11.7
IBM / InfoSphere Information Server
|
cpe:/a:ibm:infosphere_information_server:11.7
|
11.7 | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Tivoli Business Service Manager
IBM
|
cpe:/a:ibm:tivoli_business_service_manager:-
|
— | |
|
IBM InfoSphere Information Server 11.7
IBM / InfoSphere Information Server
|
cpe:/a:ibm:infosphere_information_server:11.7
|
11.7 | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Tivoli Business Service Manager
IBM
|
cpe:/a:ibm:tivoli_business_service_manager:-
|
— | |
|
IBM InfoSphere Information Server 11.7
IBM / InfoSphere Information Server
|
cpe:/a:ibm:infosphere_information_server:11.7
|
11.7 | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Tivoli Business Service Manager
IBM
|
cpe:/a:ibm:tivoli_business_service_manager:-
|
— | |
|
IBM InfoSphere Information Server 11.7
IBM / InfoSphere Information Server
|
cpe:/a:ibm:infosphere_information_server:11.7
|
11.7 | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Tivoli Business Service Manager
IBM
|
cpe:/a:ibm:tivoli_business_service_manager:-
|
— | |
|
IBM InfoSphere Information Server 11.7
IBM / InfoSphere Information Server
|
cpe:/a:ibm:infosphere_information_server:11.7
|
11.7 | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Tivoli Business Service Manager
IBM
|
cpe:/a:ibm:tivoli_business_service_manager:-
|
— | |
|
IBM InfoSphere Information Server 11.7
IBM / InfoSphere Information Server
|
cpe:/a:ibm:infosphere_information_server:11.7
|
11.7 | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Tivoli Business Service Manager
IBM
|
cpe:/a:ibm:tivoli_business_service_manager:-
|
— | |
|
IBM InfoSphere Information Server 11.7
IBM / InfoSphere Information Server
|
cpe:/a:ibm:infosphere_information_server:11.7
|
11.7 | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Tivoli Business Service Manager
IBM
|
cpe:/a:ibm:tivoli_business_service_manager:-
|
— | |
|
IBM InfoSphere Information Server 11.7
IBM / InfoSphere Information Server
|
cpe:/a:ibm:infosphere_information_server:11.7
|
11.7 | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Tivoli Business Service Manager
IBM
|
cpe:/a:ibm:tivoli_business_service_manager:-
|
— | |
|
IBM InfoSphere Information Server 11.7
IBM / InfoSphere Information Server
|
cpe:/a:ibm:infosphere_information_server:11.7
|
11.7 | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Tivoli Business Service Manager
IBM
|
cpe:/a:ibm:tivoli_business_service_manager:-
|
— | |
|
IBM InfoSphere Information Server 11.7
IBM / InfoSphere Information Server
|
cpe:/a:ibm:infosphere_information_server:11.7
|
11.7 | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Tivoli Business Service Manager
IBM
|
cpe:/a:ibm:tivoli_business_service_manager:-
|
— | |
|
IBM InfoSphere Information Server 11.7
IBM / InfoSphere Information Server
|
cpe:/a:ibm:infosphere_information_server:11.7
|
11.7 | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Tivoli Business Service Manager
IBM
|
cpe:/a:ibm:tivoli_business_service_manager:-
|
— | |
|
IBM InfoSphere Information Server 11.7
IBM / InfoSphere Information Server
|
cpe:/a:ibm:infosphere_information_server:11.7
|
11.7 | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Tivoli Business Service Manager
IBM
|
cpe:/a:ibm:tivoli_business_service_manager:-
|
— | |
|
IBM InfoSphere Information Server 11.7
IBM / InfoSphere Information Server
|
cpe:/a:ibm:infosphere_information_server:11.7
|
11.7 | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Tivoli Business Service Manager
IBM
|
cpe:/a:ibm:tivoli_business_service_manager:-
|
— | |
|
IBM InfoSphere Information Server 11.7
IBM / InfoSphere Information Server
|
cpe:/a:ibm:infosphere_information_server:11.7
|
11.7 | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Tivoli Business Service Manager
IBM
|
cpe:/a:ibm:tivoli_business_service_manager:-
|
— | |
|
IBM InfoSphere Information Server 11.7
IBM / InfoSphere Information Server
|
cpe:/a:ibm:infosphere_information_server:11.7
|
11.7 | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Tivoli Business Service Manager
IBM
|
cpe:/a:ibm:tivoli_business_service_manager:-
|
— | |
|
IBM InfoSphere Information Server 11.7
IBM / InfoSphere Information Server
|
cpe:/a:ibm:infosphere_information_server:11.7
|
11.7 | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Tivoli Business Service Manager
IBM
|
cpe:/a:ibm:tivoli_business_service_manager:-
|
— | |
|
IBM InfoSphere Information Server 11.7
IBM / InfoSphere Information Server
|
cpe:/a:ibm:infosphere_information_server:11.7
|
11.7 | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Tivoli Business Service Manager
IBM
|
cpe:/a:ibm:tivoli_business_service_manager:-
|
— | |
|
IBM InfoSphere Information Server 11.7
IBM / InfoSphere Information Server
|
cpe:/a:ibm:infosphere_information_server:11.7
|
11.7 | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Tivoli Business Service Manager
IBM
|
cpe:/a:ibm:tivoli_business_service_manager:-
|
— | |
|
IBM InfoSphere Information Server 11.7
IBM / InfoSphere Information Server
|
cpe:/a:ibm:infosphere_information_server:11.7
|
11.7 | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Tivoli Business Service Manager
IBM
|
cpe:/a:ibm:tivoli_business_service_manager:-
|
— | |
|
IBM InfoSphere Information Server 11.7
IBM / InfoSphere Information Server
|
cpe:/a:ibm:infosphere_information_server:11.7
|
11.7 | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Tivoli Business Service Manager
IBM
|
cpe:/a:ibm:tivoli_business_service_manager:-
|
— | |
|
IBM InfoSphere Information Server 11.7
IBM / InfoSphere Information Server
|
cpe:/a:ibm:infosphere_information_server:11.7
|
11.7 | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Tivoli Business Service Manager
IBM
|
cpe:/a:ibm:tivoli_business_service_manager:-
|
— | |
|
IBM InfoSphere Information Server 11.7
IBM / InfoSphere Information Server
|
cpe:/a:ibm:infosphere_information_server:11.7
|
11.7 | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Tivoli Business Service Manager
IBM
|
cpe:/a:ibm:tivoli_business_service_manager:-
|
— | |
|
IBM InfoSphere Information Server 11.7
IBM / InfoSphere Information Server
|
cpe:/a:ibm:infosphere_information_server:11.7
|
11.7 | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Tivoli Business Service Manager
IBM
|
cpe:/a:ibm:tivoli_business_service_manager:-
|
— | |
|
IBM InfoSphere Information Server 11.7
IBM / InfoSphere Information Server
|
cpe:/a:ibm:infosphere_information_server:11.7
|
11.7 | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Tivoli Business Service Manager
IBM
|
cpe:/a:ibm:tivoli_business_service_manager:-
|
— | |
|
IBM InfoSphere Information Server 11.7
IBM / InfoSphere Information Server
|
cpe:/a:ibm:infosphere_information_server:11.7
|
11.7 | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Tivoli Business Service Manager
IBM
|
cpe:/a:ibm:tivoli_business_service_manager:-
|
— | |
|
IBM InfoSphere Information Server 11.7
IBM / InfoSphere Information Server
|
cpe:/a:ibm:infosphere_information_server:11.7
|
11.7 | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Tivoli Business Service Manager
IBM
|
cpe:/a:ibm:tivoli_business_service_manager:-
|
— | |
|
IBM InfoSphere Information Server 11.7
IBM / InfoSphere Information Server
|
cpe:/a:ibm:infosphere_information_server:11.7
|
11.7 | |
|
IBM QRadar SIEM
IBM
|
cpe:/a:ibm:qradar_siem:-
|
— |
References
18 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM InfoSphere Information Server ist eine Softwareplattform zur Integration heterogener Daten.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM InfoSphere Information Server ausnutzen, um seine Privilegien zu erweitern, beliebigen Programmcode auszuf\u00fchren, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-1738 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-1738.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-1738 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1738"
},
{
"category": "external",
"summary": "IBM Security Bulletin: 6829353 vom 2022-10-16",
"url": "https://www.ibm.com/support/pages/node/6829353"
},
{
"category": "external",
"summary": "IBM Security Bulletin: 6829371 vom 2022-10-16",
"url": "https://www.ibm.com/support/pages/node/6829371"
},
{
"category": "external",
"summary": "IBM Security Bulletin: 6829373 vom 2022-10-16",
"url": "https://www.ibm.com/support/pages/node/6829373"
},
{
"category": "external",
"summary": "IBM Security Bulletin: 6829335 vom 2022-10-16",
"url": "https://www.ibm.com/support/pages/node/6829335"
},
{
"category": "external",
"summary": "IBM Security Bulletin: 6829311 vom 2022-10-16",
"url": "https://www.ibm.com/support/pages/node/6829311"
},
{
"category": "external",
"summary": "IBM Security Bulletin: 6829369 vom 2022-10-16",
"url": "https://www.ibm.com/support/pages/node/6829369"
},
{
"category": "external",
"summary": "IBM Security Bulletin: 6829325 vom 2022-10-16",
"url": "https://www.ibm.com/support/pages/node/6829325"
},
{
"category": "external",
"summary": "IBM Security Bulletin: 6829365 vom 2022-10-16",
"url": "https://www.ibm.com/support/pages/node/6829365"
},
{
"category": "external",
"summary": "IBM Security Bulletin: 6829361 vom 2022-10-16",
"url": "https://www.ibm.com/support/pages/node/6829361"
},
{
"category": "external",
"summary": "IBM Security Bulletin: 6829339 vom 2022-10-16",
"url": "https://www.ibm.com/support/pages/node/6829339"
},
{
"category": "external",
"summary": "IBM Security Bulletin: 6829349 vom 2022-10-16",
"url": "https://www.ibm.com/support/pages/node/6829349"
},
{
"category": "external",
"summary": "IBM Security Bulletin: 6829363 vom 2022-10-16",
"url": "https://www.ibm.com/support/pages/node/6829363"
},
{
"category": "external",
"summary": "IBM Security Bulletin: 6829327 vom 2022-10-16",
"url": "https://www.ibm.com/support/pages/node/6829327"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6955819 vom 2023-02-15",
"url": "https://www.ibm.com/support/pages/node/6955819"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7038982 vom 2023-09-28",
"url": "https://www.ibm.com/support/pages/node/7038982"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7249676 vom 2025-11-03",
"url": "https://www.ibm.com/support/pages/node/7249676"
}
],
"source_lang": "en-US",
"title": "IBM InfoSphere Information Server: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-11-03T23:00:00.000+00:00",
"generator": {
"date": "2025-11-04T07:18:25.963+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2022-1738",
"initial_release_date": "2022-10-16T22:00:00.000+00:00",
"revision_history": [
{
"date": "2022-10-16T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2022-11-03T23:00:00.000+00:00",
"number": "2",
"summary": "CVE erg\u00e4nzt"
},
{
"date": "2023-02-15T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-09-27T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-11-03T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "5"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "11.7",
"product": {
"name": "IBM InfoSphere Information Server 11.7",
"product_id": "444803",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:infosphere_information_server:11.7"
}
}
}
],
"category": "product_name",
"name": "InfoSphere Information Server"
},
{
"category": "product_name",
"name": "IBM QRadar SIEM",
"product": {
"name": "IBM QRadar SIEM",
"product_id": "T021415",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:-"
}
}
},
{
"category": "product_name",
"name": "IBM Tivoli Business Service Manager",
"product": {
"name": "IBM Tivoli Business Service Manager",
"product_id": "5175",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:tivoli_business_service_manager:-"
}
}
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2009-0217",
"product_status": {
"known_affected": [
"5175",
"444803",
"T021415"
]
},
"release_date": "2022-10-16T22:00:00.000+00:00",
"title": "CVE-2009-0217"
},
{
"cve": "CVE-2009-2625",
"product_status": {
"known_affected": [
"5175",
"444803",
"T021415"
]
},
"release_date": "2022-10-16T22:00:00.000+00:00",
"title": "CVE-2009-2625"
},
{
"cve": "CVE-2012-0881",
"product_status": {
"known_affected": [
"5175",
"444803",
"T021415"
]
},
"release_date": "2022-10-16T22:00:00.000+00:00",
"title": "CVE-2012-0881"
},
{
"cve": "CVE-2012-2098",
"product_status": {
"known_affected": [
"5175",
"444803",
"T021415"
]
},
"release_date": "2022-10-16T22:00:00.000+00:00",
"title": "CVE-2012-2098"
},
{
"cve": "CVE-2013-2172",
"product_status": {
"known_affected": [
"5175",
"444803",
"T021415"
]
},
"release_date": "2022-10-16T22:00:00.000+00:00",
"title": "CVE-2013-2172"
},
{
"cve": "CVE-2013-4002",
"product_status": {
"known_affected": [
"5175",
"444803",
"T021415"
]
},
"release_date": "2022-10-16T22:00:00.000+00:00",
"title": "CVE-2013-4002"
},
{
"cve": "CVE-2013-4517",
"product_status": {
"known_affected": [
"5175",
"444803",
"T021415"
]
},
"release_date": "2022-10-16T22:00:00.000+00:00",
"title": "CVE-2013-4517"
},
{
"cve": "CVE-2015-4852",
"product_status": {
"known_affected": [
"5175",
"444803",
"T021415"
]
},
"release_date": "2022-10-16T22:00:00.000+00:00",
"title": "CVE-2015-4852"
},
{
"cve": "CVE-2015-6420",
"product_status": {
"known_affected": [
"5175",
"444803",
"T021415"
]
},
"release_date": "2022-10-16T22:00:00.000+00:00",
"title": "CVE-2015-6420"
},
{
"cve": "CVE-2015-7501",
"product_status": {
"known_affected": [
"5175",
"444803",
"T021415"
]
},
"release_date": "2022-10-16T22:00:00.000+00:00",
"title": "CVE-2015-7501"
},
{
"cve": "CVE-2017-15708",
"product_status": {
"known_affected": [
"5175",
"444803",
"T021415"
]
},
"release_date": "2022-10-16T22:00:00.000+00:00",
"title": "CVE-2017-15708"
},
{
"cve": "CVE-2019-13116",
"product_status": {
"known_affected": [
"5175",
"444803",
"T021415"
]
},
"release_date": "2022-10-16T22:00:00.000+00:00",
"title": "CVE-2019-13116"
},
{
"cve": "CVE-2021-33813",
"product_status": {
"known_affected": [
"5175",
"444803",
"T021415"
]
},
"release_date": "2022-10-16T22:00:00.000+00:00",
"title": "CVE-2021-33813"
},
{
"cve": "CVE-2021-36373",
"product_status": {
"known_affected": [
"5175",
"444803",
"T021415"
]
},
"release_date": "2022-10-16T22:00:00.000+00:00",
"title": "CVE-2021-36373"
},
{
"cve": "CVE-2021-36374",
"product_status": {
"known_affected": [
"5175",
"444803",
"T021415"
]
},
"release_date": "2022-10-16T22:00:00.000+00:00",
"title": "CVE-2021-36374"
},
{
"cve": "CVE-2021-40690",
"product_status": {
"known_affected": [
"5175",
"444803",
"T021415"
]
},
"release_date": "2022-10-16T22:00:00.000+00:00",
"title": "CVE-2021-40690"
},
{
"cve": "CVE-2021-41089",
"product_status": {
"known_affected": [
"5175",
"444803",
"T021415"
]
},
"release_date": "2022-10-16T22:00:00.000+00:00",
"title": "CVE-2021-41089"
},
{
"cve": "CVE-2021-41091",
"product_status": {
"known_affected": [
"5175",
"444803",
"T021415"
]
},
"release_date": "2022-10-16T22:00:00.000+00:00",
"title": "CVE-2021-41091"
},
{
"cve": "CVE-2022-22442",
"product_status": {
"known_affected": [
"5175",
"444803",
"T021415"
]
},
"release_date": "2022-10-16T22:00:00.000+00:00",
"title": "CVE-2022-22442"
},
{
"cve": "CVE-2022-23437",
"product_status": {
"known_affected": [
"5175",
"444803",
"T021415"
]
},
"release_date": "2022-10-16T22:00:00.000+00:00",
"title": "CVE-2022-23437"
},
{
"cve": "CVE-2022-24769",
"product_status": {
"known_affected": [
"5175",
"444803",
"T021415"
]
},
"release_date": "2022-10-16T22:00:00.000+00:00",
"title": "CVE-2022-24769"
},
{
"cve": "CVE-2022-30608",
"product_status": {
"known_affected": [
"5175",
"444803",
"T021415"
]
},
"release_date": "2022-10-16T22:00:00.000+00:00",
"title": "CVE-2022-30608"
},
{
"cve": "CVE-2022-30615",
"product_status": {
"known_affected": [
"5175",
"444803",
"T021415"
]
},
"release_date": "2022-10-16T22:00:00.000+00:00",
"title": "CVE-2022-30615"
},
{
"cve": "CVE-2022-31129",
"product_status": {
"known_affected": [
"5175",
"444803",
"T021415"
]
},
"release_date": "2022-10-16T22:00:00.000+00:00",
"title": "CVE-2022-31129"
},
{
"cve": "CVE-2022-35642",
"product_status": {
"known_affected": [
"5175",
"444803",
"T021415"
]
},
"release_date": "2022-10-16T22:00:00.000+00:00",
"title": "CVE-2022-35642"
},
{
"cve": "CVE-2022-35717",
"product_status": {
"known_affected": [
"5175",
"444803",
"T021415"
]
},
"release_date": "2022-10-16T22:00:00.000+00:00",
"title": "CVE-2022-35717"
},
{
"cve": "CVE-2022-36109",
"product_status": {
"known_affected": [
"5175",
"444803",
"T021415"
]
},
"release_date": "2022-10-16T22:00:00.000+00:00",
"title": "CVE-2022-36109"
},
{
"cve": "CVE-2022-40235",
"product_status": {
"known_affected": [
"5175",
"444803",
"T021415"
]
},
"release_date": "2022-10-16T22:00:00.000+00:00",
"title": "CVE-2022-40235"
},
{
"cve": "CVE-2022-40747",
"product_status": {
"known_affected": [
"5175",
"444803",
"T021415"
]
},
"release_date": "2022-10-16T22:00:00.000+00:00",
"title": "CVE-2022-40747"
}
]
}
WID-SEC-W-2024-1277
Vulnerability from csaf_certbund - Published: 2017-04-18 22:00 - Updated: 2024-11-11 23:00Summary
Oracle Fusion Middleware: Mehrere Schwachstellen
Severity
Kritisch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Oracle Fusion Middleware bündelt mehrere Produkte zur Erstellung, Betrieb und Management von intelligenten Business Anwendungen.
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Fusion Middleware ausnutzen, um dadurch die Integrität, Vertraulichkeit und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme: - Linux
- UNIX
- Windows
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
In Oracle Fusion Middleware existieren mehrere nicht näher beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist "High" für "Integrity", "Confidentiality" und "Availability" und bewirkt damit eine "hohe" Schadenshöhe.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle WebCenter Sites
Oracle
|
cpe:/a:oracle:webcenter_sites:-
|
— | |
|
Oracle Fusion Middleware
Oracle
|
cpe:/a:oracle:fusion_middleware:-
|
— |
References
4 references
{
"document": {
"aggregate_severity": {
"text": "kritisch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Oracle Fusion Middleware b\u00fcndelt mehrere Produkte zur Erstellung, Betrieb und Management von intelligenten Business Anwendungen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Fusion Middleware ausnutzen, um dadurch die Integrit\u00e4t, Vertraulichkeit und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-1277 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2017/wid-sec-w-2024-1277.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-1277 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1277"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update Advisory - April 2017 - Oracle Fusion Middleware vom 2017-04-18",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html#AppendixFMW"
},
{
"category": "external",
"summary": "CISA Known Exploited Vulnerabilities Catalog vom 2024-06-03",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"source_lang": "en-US",
"title": "Oracle Fusion Middleware: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-11-11T23:00:00.000+00:00",
"generator": {
"date": "2024-11-12T10:06:32.931+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.8"
}
},
"id": "WID-SEC-W-2024-1277",
"initial_release_date": "2017-04-18T22:00:00.000+00:00",
"revision_history": [
{
"date": "2017-04-18T22:00:00.000+00:00",
"number": "1",
"summary": "Initial Release"
},
{
"date": "2017-04-18T22:00:00.000+00:00",
"number": "2",
"summary": "n"
},
{
"date": "2017-04-18T22:00:00.000+00:00",
"number": "3",
"summary": "Version nicht vorhanden"
},
{
"date": "2024-06-03T22:00:00.000+00:00",
"number": "4",
"summary": "Aktive Ausnutzung gemeldet"
},
{
"date": "2024-11-11T23:00:00.000+00:00",
"number": "5",
"summary": "Korrektur"
}
],
"status": "final",
"version": "5"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Oracle Fusion Middleware",
"product": {
"name": "Oracle Fusion Middleware",
"product_id": "T006198",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:fusion_middleware:-"
}
}
},
{
"category": "product_name",
"name": "Oracle WebCenter Sites",
"product": {
"name": "Oracle WebCenter Sites",
"product_id": "T009734",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:webcenter_sites:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2012-1007",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2012-1007"
},
{
"cve": "CVE-2014-0114",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2014-0114"
},
{
"cve": "CVE-2015-5351",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2015-5351"
},
{
"cve": "CVE-2015-7501",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2015-7501"
},
{
"cve": "CVE-2016-0706",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2016-0706"
},
{
"cve": "CVE-2016-0714",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2016-0714"
},
{
"cve": "CVE-2016-0763",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2016-0763"
},
{
"cve": "CVE-2016-1181",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2016-1181"
},
{
"cve": "CVE-2016-1182",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2016-1182"
},
{
"cve": "CVE-2016-2177",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2016-2177"
},
{
"cve": "CVE-2016-2178",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2016-2178"
},
{
"cve": "CVE-2016-2179",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2016-2179"
},
{
"cve": "CVE-2016-2180",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2016-2180"
},
{
"cve": "CVE-2016-2181",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2016-2181"
},
{
"cve": "CVE-2016-2182",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2016-2182"
},
{
"cve": "CVE-2016-2183",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2016-2183"
},
{
"cve": "CVE-2016-6302",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2016-6302"
},
{
"cve": "CVE-2016-6303",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2016-6303"
},
{
"cve": "CVE-2016-6304",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2016-6304"
},
{
"cve": "CVE-2016-6305",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2016-6305"
},
{
"cve": "CVE-2016-6306",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2016-6306"
},
{
"cve": "CVE-2016-6307",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2016-6307"
},
{
"cve": "CVE-2016-6308",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2016-6308"
},
{
"cve": "CVE-2016-6309",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2016-6309"
},
{
"cve": "CVE-2016-7052",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2016-7052"
},
{
"cve": "CVE-2017-3230",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2017-3230"
},
{
"cve": "CVE-2017-3499",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2017-3499"
},
{
"cve": "CVE-2017-3506",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2017-3506"
},
{
"cve": "CVE-2017-3507",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2017-3507"
},
{
"cve": "CVE-2017-3531",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2017-3531"
},
{
"cve": "CVE-2017-3540",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2017-3540"
},
{
"cve": "CVE-2017-3541",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2017-3541"
},
{
"cve": "CVE-2017-3542",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2017-3542"
},
{
"cve": "CVE-2017-3543",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2017-3543"
},
{
"cve": "CVE-2017-3545",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2017-3545"
},
{
"cve": "CVE-2017-3553",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2017-3553"
},
{
"cve": "CVE-2017-3554",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2017-3554"
},
{
"cve": "CVE-2017-3591",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2017-3591"
},
{
"cve": "CVE-2017-3593",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2017-3593"
},
{
"cve": "CVE-2017-3594",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2017-3594"
},
{
"cve": "CVE-2017-3595",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2017-3595"
},
{
"cve": "CVE-2017-3596",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2017-3596"
},
{
"cve": "CVE-2017-3597",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2017-3597"
},
{
"cve": "CVE-2017-3598",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2017-3598"
},
{
"cve": "CVE-2017-3601",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2017-3601"
},
{
"cve": "CVE-2017-3602",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2017-3602"
},
{
"cve": "CVE-2017-3603",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2017-3603"
},
{
"cve": "CVE-2017-3625",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2017-3625"
},
{
"cve": "CVE-2017-3626",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2017-3626"
},
{
"cve": "CVE-2017-5638",
"notes": [
{
"category": "description",
"text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
}
],
"product_status": {
"known_affected": [
"T009734",
"T006198"
]
},
"release_date": "2017-04-18T22:00:00.000+00:00",
"title": "CVE-2017-5638"
}
]
}
WID-SEC-W-2025-2440
Vulnerability from csaf_certbund - Published: 2015-11-22 23:00 - Updated: 2025-10-29 23:00Summary
Red Hat JBoss Enterprise Application Platform: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit den Rechten des Dienstes
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: JBoss Enterprise Application Platform ist eine skalierbare Plattform für Java-Anwendungen, inklusive JBoss Application Server, JBoss Hibernate und Boss Seam.
Angriff: Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Red Hat JBoss Enterprise Application Platform ausnutzen, um beliebigen Programmcode mit den Rechten des Dienstes auszuführen.
Betroffene Betriebssysteme: - Linux
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat JBoss Enterprise Application Platform 6
Red Hat / JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:6::el6
|
6 | |
|
Red Hat JBoss Enterprise Application Platform 5
Red Hat / JBoss Enterprise Application Platform
|
cpe:/a:redhat:jboss_enterprise_application_platform:5
|
5 | |
|
Red Hat Enterprise Linux 7
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:7
|
7 | |
|
Red Hat Enterprise Linux 6
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:6
|
6 | |
|
Red Hat JBoss Operations Network (JON)
Red Hat
|
cpe:/a:redhat:jboss_operations_network:3.2.3
|
— | |
|
Red Hat JBoss Web Server
Red Hat
|
cpe:/a:redhat:jboss_enterprise_web_server:-
|
— | |
|
Open Source CentOS 6
Open Source / CentOS
|
cpe:/o:centos:centos:6
|
6 | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:-
|
— |
References
28 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "JBoss Enterprise Application Platform ist eine skalierbare Plattform f\u00fcr Java-Anwendungen, inklusive JBoss Application Server, JBoss Hibernate und Boss Seam.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Red Hat JBoss Enterprise Application Platform ausnutzen, um beliebigen Programmcode mit den Rechten des Dienstes auszuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-2440 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2015/wid-sec-w-2025-2440.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-2440 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2440"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2015:2500 vom 2015-11-20",
"url": "https://rhn.redhat.com/errata/RHSA-2015-2500.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2015:2501 vom 2015-11-20",
"url": "https://rhn.redhat.com/errata/RHSA-2015-2501.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2015:2502 vom 2015-11-20",
"url": "https://rhn.redhat.com/errata/RHSA-2015-2502.html"
},
{
"category": "external",
"summary": "RedHat Security Advisory: RHSA-2015:2514 vom 2015-11-26",
"url": "https://rhn.redhat.com/errata/RHSA-2015-2514.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2015:2517 vom 2015-11-26",
"url": "https://rhn.redhat.com/errata/RHSA-2015-2517.html"
},
{
"category": "external",
"summary": "RedHat Security Advisory: RHSA-2015-2516 vom 2015-11-26",
"url": "https://rhn.redhat.com/errata/RHSA-2015-2516.html"
},
{
"category": "external",
"summary": "RedHat Security Advisory: RHSA-2015:2522 vom 2015-11-30",
"url": "https://rhn.redhat.com/errata/RHSA-2015-2522.html"
},
{
"category": "external",
"summary": "RedHat Security Advisory: RHSA-2015:2521 vom 2015-11-30",
"url": "https://rhn.redhat.com/errata/RHSA-2015-2521.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2015:2524 vom 2015-12-01",
"url": "https://rhn.redhat.com/errata/RHSA-2015-2524.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2015:2523 vom 2015-12-01",
"url": "https://rhn.redhat.com/errata/RHSA-2015-2523.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2015:2537 vom 2015-12-01",
"url": "https://rhn.redhat.com/errata/RHSA-2015-2537.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2015:2536 vom 2015-12-01",
"url": "https://rhn.redhat.com/errata/RHSA-2015-2536.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2015:2535 vom 2015-12-01",
"url": "https://rhn.redhat.com/errata/RHSA-2015-2535.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2015:2534 vom 2015-12-01",
"url": "https://rhn.redhat.com/errata/RHSA-2015-2534.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2015:2542-1 vom 2015-12-02",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2542.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2015:2539-1 vom 2015-12-02",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2539.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2015:2538-1 vom 2015-12-02",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2538.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2015:2540-1 vom 2015-12-02",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2540.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2015:2541-1 vom 2015-12-02",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2541.html"
},
{
"category": "external",
"summary": "CentOS Security Advisory CESA-2015:2521 vom 2015-12-02",
"url": "https://lists.centos.org/pipermail/centos-announce/2015-December/021512.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2015:2548 vom 2015-12-04",
"url": "https://rhn.redhat.com/errata/RHSA-2015-2548.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2015:2547 vom 2015-12-04",
"url": "https://rhn.redhat.com/errata/RHSA-2015-2547.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2016:0040 vom 2016-01-15",
"url": "https://rhn.redhat.com/errata/RHSA-2016-0040.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:4274 vom 2020-10-19",
"url": "https://access.redhat.com/errata/RHSA-2020:4274"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:5614 vom 2020-12-21",
"url": "https://access.redhat.com/errata/RHSA-2020:5614"
},
{
"category": "external",
"summary": "NetApp Security Advisory NTAP-20240216-0010 vom 2025-10-29",
"url": "https://security.netapp.com/advisory/NTAP-20240216-0010"
}
],
"source_lang": "en-US",
"title": "Red Hat JBoss Enterprise Application Platform: Schwachstelle erm\u00f6glicht Ausf\u00fchren von beliebigem Programmcode mit den Rechten des Dienstes",
"tracking": {
"current_release_date": "2025-10-29T23:00:00.000+00:00",
"generator": {
"date": "2025-10-30T08:13:38.092+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-2440",
"initial_release_date": "2015-11-22T23:00:00.000+00:00",
"revision_history": [
{
"date": "2015-11-22T23:00:00.000+00:00",
"number": "1",
"summary": "Initial Release"
},
{
"date": "2015-11-22T23:00:00.000+00:00",
"number": "2",
"summary": "Version nicht vorhanden"
},
{
"date": "2015-11-22T23:00:00.000+00:00",
"number": "3",
"summary": "Version nicht vorhanden"
},
{
"date": "2015-11-24T23:00:00.000+00:00",
"number": "4",
"summary": "New remediations available"
},
{
"date": "2015-11-25T23:00:00.000+00:00",
"number": "5",
"summary": "New remediations available"
},
{
"date": "2015-11-25T23:00:00.000+00:00",
"number": "6",
"summary": "New remediations available"
},
{
"date": "2015-11-25T23:00:00.000+00:00",
"number": "7",
"summary": "Version nicht vorhanden"
},
{
"date": "2015-11-30T23:00:00.000+00:00",
"number": "8",
"summary": "New remediations available"
},
{
"date": "2015-11-30T23:00:00.000+00:00",
"number": "9",
"summary": "Version nicht vorhanden"
},
{
"date": "2015-11-30T23:00:00.000+00:00",
"number": "10",
"summary": "Version nicht vorhanden"
},
{
"date": "2015-12-02T23:00:00.000+00:00",
"number": "11",
"summary": "New remediations available"
},
{
"date": "2015-12-02T23:00:00.000+00:00",
"number": "12",
"summary": "Version nicht vorhanden"
},
{
"date": "2015-12-02T23:00:00.000+00:00",
"number": "13",
"summary": "Version nicht vorhanden"
},
{
"date": "2015-12-06T23:00:00.000+00:00",
"number": "14",
"summary": "New remediations available"
},
{
"date": "2015-12-06T23:00:00.000+00:00",
"number": "15",
"summary": "New remediations available"
},
{
"date": "2015-12-06T23:00:00.000+00:00",
"number": "16",
"summary": "Version nicht vorhanden"
},
{
"date": "2016-01-14T23:00:00.000+00:00",
"number": "17",
"summary": "New remediations available"
},
{
"date": "2020-10-18T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2020-12-21T23:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-10-29T23:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von NetApp aufgenommen"
}
],
"status": "final",
"version": "20"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "NetApp ActiveIQ Unified Manager",
"product": {
"name": "NetApp ActiveIQ Unified Manager",
"product_id": "T044145",
"product_identification_helper": {
"cpe": "cpe:/a:netapp:active_iq_unified_manager:-"
}
}
}
],
"category": "vendor",
"name": "NetApp"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "6",
"product": {
"name": "Open Source CentOS 6",
"product_id": "160056",
"product_identification_helper": {
"cpe": "cpe:/o:centos:centos:6"
}
}
}
],
"category": "product_name",
"name": "CentOS"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "6",
"product": {
"name": "Red Hat Enterprise Linux 6",
"product_id": "120737",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6"
}
}
},
{
"category": "product_version",
"name": "7",
"product": {
"name": "Red Hat Enterprise Linux 7",
"product_id": "T003303",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "6",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 6",
"product_id": "T001735",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6"
}
}
},
{
"category": "product_version",
"name": "5",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 5",
"product_id": "T006545",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:5"
}
}
}
],
"category": "product_name",
"name": "JBoss Enterprise Application Platform"
},
{
"category": "product_name",
"name": "Red Hat JBoss Operations Network (JON)",
"product": {
"name": "Red Hat JBoss Operations Network (JON)",
"product_id": "T003722",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_operations_network:3.2.3"
}
}
},
{
"category": "product_name",
"name": "Red Hat JBoss Web Server",
"product": {
"name": "Red Hat JBoss Web Server",
"product_id": "T003426",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-7501",
"product_status": {
"known_affected": [
"T001735",
"T006545",
"T003303",
"120737",
"T003722",
"T003426",
"160056",
"T044145"
]
},
"release_date": "2015-11-22T23:00:00.000+00:00",
"title": "CVE-2015-7501"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…